CVE-2016-20083
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
The WordPress More Fields Plugin version 2.1 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation.
Risk Assessment
Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxes on the Write/Edit page.
Recommendation
It is recommended to update the plugin to the latest version and implement additional security measures to prevent CSRF attacks.
Original NVD description (English source)
WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxes on the Write/Edit page via POST and GET requests to the options-general.php endpoint.

