Josevega

josevega

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Display Custom Fields In The Frontend Post And User Profile Fields

display_custom_fields_in_the_frontend_-_post_and_user_profile_fields

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-6983 1Josevega 1Display Custom Fields In The Frontend Post And User Profile Fields Apr 8, 2026 Feb 5, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcod...Show more The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2023-6983

1Josevega

1Display Custom Fields In The Frontend Post And User Profile Fields

Apr 8, 2026

Feb 5, 2024

N/A· v4

4.3 MEDIUM· v3

N/A· v2

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta.Show less