CVE-2016-20083 in More Fields Plugininfo

Summary

by MITRE • 06/15/2026

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxes on the Write/Edit page via POST and GET requests to the options-general.php endpoint.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulnCheck

Reservation

06/15/2026

Disclosure

06/15/2026

Moderation

accepted

Entry

VDB-370909

CPE

ready

CWE

CWE-352 (confirmed)

Exploit

Download

CVSS

5.3 (CNA)

EPSS

0.00000

KEV

Activities

low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-20083
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-20083
CVE Details	https://www.cvedetails.com/cve/CVE-2016-20083/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!