Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access
Vulnerability Description
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
WordPress 插件安全漏洞
Vulnerability Description
WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress 插件是WordPress开源的一个应用插件。 WordPress Plugins WordPress Plugins Get Custom Field Values 存在安全漏洞,该漏洞源于4.0之前的WordPress插件允许角色低至Contributor的用户访问其他帖子的元数据,而无需验证权限,贡献者可以访问管理帖子的元数据。
CVSS Information
N/A
Vulnerability Type
N/A