CVE Catalog

CVE-2016-20083

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

The WordPress More Fields Plugin version 2.1 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation.

Risk Assessment

Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxes on the Write/Edit page.

Recommendation

It is recommended to update the plugin to the latest version and implement additional security measures to prevent CSRF attacks.

Original NVD description (English source)

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxes on the Write/Edit page via POST and GET requests to the options-general.php endpoint.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS