{"id":"CVE-2021-24872","details":"The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.","modified":"2026-03-14T10:47:42.050675Z","published":"2021-12-13T11:15:09.373Z","references":[{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/ec23734a-5ea7-4e46-aba9-3dee4e6dffb6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/coffee2code/get-custom-field-values","events":[{"introduced":"0"},{"fixed":"674a6fa37be40e54139c01e7c51fe88e25e5a592"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.0"}]}}],"versions":["3.5","3.6","3.6.1","3.7","3.8","3.9","3.9.1","3.9.2","3.9.3","3.9.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24872.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}