VYPR

Get Custom Field Values

by Scott Reilly

CVEs (3)

  • CVE-2023-45604Oct 18, 2023
    risk 0.00cvss epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Reilly Get Custom Field Values plugin <= 4.0.1 versions.

  • CVE-2021-24872Dec 13, 2021
    risk 0.00cvss epss 0.01

    The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.

  • CVE-2021-24871Dec 13, 2021
    risk 0.00cvss epss 0.01

    The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks