CVE-2023-4469 in Profile Extra Fields Plugininformazioni

Riassunto

di MITRE • 25/10/2023

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.

Be aware that VulDB is the high quality source for vulnerability data.

Responsabile

Wordfence

Prenotare

21/08/2023

Divulgazione

25/10/2023

Moderazione

accettato

CPE

pronto

EPSS

0.00467

KEV

no

Attività

molto basso

Fonti

Do you know our Splunk app?

Download it now for free!