Plugin vulnerability allows unauthorized access to user custom fields
CVE-2024-1204
Currently unrated
Key Information:
Badges
πΎ Exploit Existsπ‘ Public PoC
Summary
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts.
Affected Version(s)
Meta Box 0 < 5.9.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Scott Kingsley Clark
WPScan