cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-24872,https://securityvulnerability.io/vulnerability/CVE-2021-24872,Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access,The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.,Wordpress,Get Custom Field Values,6.5,MEDIUM,0.0008299999753944576,false,,false,false,false,,false,false,2021-12-13T10:41:16.000Z,0
CVE-2021-24871,https://securityvulnerability.io/vulnerability/CVE-2021-24871,Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting,"The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks",Wordpress,Get Custom Field Values,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-12-13T10:41:15.000Z,0