Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High0

Medium2

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2024-11-21

CVE-2021-24872 - Get Custom Field Values Plugin

The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.

PLUGIN Get Custom Field Values

CVE-2021-24872

MEDIUM CVSS 6.5 2021-12-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24871 - Get Custom Field Values Plugin

The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks

PLUGIN Get Custom Field Values

CVE-2021-24871

MEDIUM CVSS 5.4 2021-12-13

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2021-24872 - Get Custom Field Values Plugin

CVE-2021-24871 - Get Custom Field Values Plugin

Company Links

Contact Us