CVE-2023-4469

Name of the Vulnerable Software and Affected Versions The Profile Extra Fields by BestWebSoft plugin for WordPress versions up to, and including, 1.2.7

Description The issue is related to unauthorized access of data due to a missing capability check on the prflxtrflds export file function. This allows unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.

Recommendations For versions up to, and including, 1.2.7, update to a version higher than 1.2.7 to resolve the issue. As a temporary workaround, consider disabling the prflxtrflds export file function until a patch is available. Restrict access to sensitive user data to minimize the risk of exploitation.