First published: Fri Oct 06 2023
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Bestwebsoft Profile Extra Fields | <=1.2.7 | |
The vulnerability ID for this vulnerability is CVE-2023-4469.
CVE-2023-4469 has a severity level of medium (5.3).
Versions up to and including 1.2.7 of the Profile Extra Fields by BestWebSoft plugin for WordPress are affected by CVE-2023-4469.
CVE-2023-4469 allows unauthenticated attackers to potentially access sensitive data.
To mitigate CVE-2023-4469, it is recommended to update the Profile Extra Fields by BestWebSoft plugin for WordPress to a version beyond 1.2.7 or apply the available patches.