← Back

Display Custom Fields In The Frontend Post And User Profile Fields

display_custom_fields_in_the_frontend_-_post_and_user_profile_fields

Vendor: Josevega • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-6983
1Josevega
1Display Custom Fields In The Frontend Post And User Profile Fields
Apr 8, 2026
Feb 5, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcod...Show more
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta.Show less