Description
WordPress Plugin Custom Field Suite is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently export and re-import setup configuration. WordPress Plugin Custom Field Suite version 2.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.4.1 or latest
References
Related Vulnerabilities
WordPress Credentials Management Errors Vulnerability (CVE-2009-2762)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2687)
WordPress Plugin WP BASE Booking of Appointments, Services and Events PHP Object Injection (3.5.0)
Squid Improper Input Validation Vulnerability (CVE-2016-2390)