Plugin Vulnerability Allows Contributor User Access to Custom Fields on Any Post

CVE-2024-1564
Currently unrated

Key Information

Vendor
WordPress
Status
WP-schema-pro
Vendor
CVE Published: 25 March 2024

Summary

The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access, allowing a contributor user to access custom fields on any post, regardless of post type or status, via a shortcode.

Affected Version(s)

wp-schema-pro < 2.7.16

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database

Credit

Scott Kingsley Clark
WPScan