[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCWEaWuOKvhw79869njQsZw60uZ6JUyce_Zc_KSr_Nw8":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2024-1204","meta-box-wordpress-custom-fields-framework-authenticated-contributor-information-exposure-via-post-meta","Meta Box – WordPress Custom Fields Framework \u003C= 5.9.3 - Authenticated (Contributor+) Information Exposure via Post Meta","The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 5.9.3. This is due to the plugin not properly restricting the post meta that can be displayed through the 'rwmb_meta' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta information.","meta-box",null,"\u003C=5.9.3","5.9.4","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2024-03-25 00:00:00","2024-04-23 14:21:22",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6276a405-4879-4429-8fc1-2d567ded5112?source=api-prod",30]