Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-3173

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-28 May, 2026 | 05:30
Updated At-28 May, 2026 | 10:36
Rejected At-
Credits

Meta Field Block <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user has permission to access the requested object's metadata. This makes it possible for authenticated attackers, with Contributor-level access and above, to read arbitrary user meta, post meta, and term meta data from any object in the database. On sites using plugins that store sensitive data in meta fields (e.g., WooCommerce billing/shipping information), this could lead to the exposure of Personally Identifiable Information (PII) including names, email addresses, phone numbers, and physical addresses.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:28 May, 2026 | 05:30
Updated At:28 May, 2026 | 10:36
Rejected At:
▼CVE Numbering Authority (CNA)
Meta Field Block <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user has permission to access the requested object's metadata. This makes it possible for authenticated attackers, with Contributor-level access and above, to read arbitrary user meta, post meta, and term meta data from any object in the database. On sites using plugins that store sensitive data in meta fields (e.g., WooCommerce billing/shipping information), this could lead to the exposure of Personally Identifiable Information (PII) including names, email addresses, phone numbers, and physical addresses.

Affected Products
Vendor
mr2p
Product
Meta Field Block – Display custom fields in the Block Editor without coding
Default Status
unaffected
Versions
Affected
  • From 0 through 1.5.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-639CWE-639 Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-639
Description: CWE-639 Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Osvaldo Noe Gonzalez Del Rio
Timeline
EventDate
Vendor Notified2026-02-25 00:27:43
Disclosed2026-05-27 00:00:00
Event: Vendor Notified
Date: 2026-02-25 00:27:43
Event: Disclosed
Date: 2026-05-27 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/247df9e2-0a63-49ad-86fa-cb4c6e62c4cf?source=cve
N/A
https://plugins.trac.wordpress.org/browser/display-a-meta-field-as-block/trunk/meta-field-block.php#L206
N/A
https://plugins.trac.wordpress.org/browser/display-a-meta-field-as-block/trunk/meta-field-block.php#L328
N/A
https://plugins.trac.wordpress.org/changeset/3472303/
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/247df9e2-0a63-49ad-86fa-cb4c6e62c4cf?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/display-a-meta-field-as-block/trunk/meta-field-block.php#L206
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/display-a-meta-field-as-block/trunk/meta-field-block.php#L328
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3472303/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:28 May, 2026 | 06:16
Updated At:28 May, 2026 | 13:45

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user has permission to access the requested object's metadata. This makes it possible for authenticated attackers, with Contributor-level access and above, to read arbitrary user meta, post meta, and term meta data from any object in the database. On sites using plugins that store sensitive data in meta fields (e.g., WooCommerce billing/shipping information), this could lead to the exposure of Personally Identifiable Information (PII) including names, email addresses, phone numbers, and physical addresses.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-639Primarysecurity@wordfence.com
CWE ID: CWE-639
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/browser/display-a-meta-field-as-block/trunk/meta-field-block.php#L206security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/display-a-meta-field-as-block/trunk/meta-field-block.php#L328security@wordfence.com
N/A
https://plugins.trac.wordpress.org/changeset/3472303/security@wordfence.com
N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/247df9e2-0a63-49ad-86fa-cb4c6e62c4cf?source=cvesecurity@wordfence.com
N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/display-a-meta-field-as-block/trunk/meta-field-block.php#L206
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/display-a-meta-field-as-block/trunk/meta-field-block.php#L328
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3472303/
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/247df9e2-0a63-49ad-86fa-cb4c6e62c4cf?source=cve
Source: security@wordfence.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

160Records found
CVE-2019-14246
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.50% / 81.41%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:38
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.

Action-Not Available
Vendor-centos-webpaneln/a
Product-centos_web_paneln/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-47191
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 37.72%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 18:26
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Youzify Plugin <= 1.2.2 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2.

Action-Not Available
Vendor-kainelabsKaineLabs
Product-youzifyYouzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-45393
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.46%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 00:00
Updated-18 Sep, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie.

Action-Not Available
Vendor-grandingtecon/a
Product-utime_mastern/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-44254
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.25% / 48.64%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 14:37
Updated-12 Dec, 2024 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzer_big_datafortianalyzerfortimanagerFortiManagerFortiAnalyzer
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-42334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.

Action-Not Available
Vendor-fl3xxn/a
Product-dispatchcrewn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-8057
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 14.08%
||
7 Day CHG~0.00%
Published-16 Sep, 2025 | 14:02
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Patika Global Technologies' HumanSuite

Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client.This issue affects HumanSuite: before 53.21.0.

Action-Not Available
Vendor-Patika Global Technologies
Product-HumanSuite
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-68071
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.89%
||
7 Day CHG+0.01%
Published-16 Dec, 2025 | 08:13
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Real Estate plugin <= 5.3.2 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.3.2.

Action-Not Available
Vendor-g5theme
Product-Essential Real Estate
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-36238
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 00:00
Updated-14 Apr, 2025 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter.

Action-Not Available
Vendor-n/aWebkul Software Pvt. Ltd.
Product-bagiston/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-36483
Matching Score-4
Assigner-Carrier Global Corporation
ShareView Details
Matching Score-4
Assigner-Carrier Global Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 38.68%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 00:00
Updated-25 Feb, 2026 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MAS (a Carrier brand) MASmobile Classic Authorization Bypass

Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android  version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data  including customer data, security system status, and event history.

Action-Not Available
Vendor-MAS (a Carrier brand)carrierHoneywell International Inc.
Product-masmobile_classicmasmobile_asp.net_servicesMASmobile ClassicMAS ASP.Net Servicesmas_asp.net_servicesmasmobile_classic
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-36235
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.71%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 00:00
Updated-10 Jun, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.

Action-Not Available
Vendor-n/aWebkul Software Pvt. Ltd.
Product-qloappsn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found