CVE-2016-20083

MEDIUM 5.3

WordPress More Fields Plugin 2.1 Cross-Site Request Forgery

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxes on the Write/Edit page via POST and GET requests to the options-general.php endpoint.

CWE	CWE-352
Vendor	henrikmelin
Product	more fields
Published	Jun 15, 2026
Last Updated	Jun 15, 2026

Stay Ahead of the Next One

Get instant alerts for henrikmelin more fields

Be the first to know when new medium vulnerabilities affecting henrikmelin more fields are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected Versions

henrikmelin / More Fields

2.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/39507 wordpress.org: https://wordpress.org/support/plugin/more-fields vulncheck.com: https://www.vulncheck.com/advisories/wordpress-more-fields-plugin-cross-site-request-forgery

Credits

Aatif Shahdad