CVE-2023-6748
📋 TL;DR
The Custom Field Template WordPress plugin up to version 2.6.1 contains a vulnerability that allows authenticated attackers with contributor-level access or higher to extract sensitive post metadata via the 'cft' shortcode. This exposes potentially confidential information stored in custom fields. WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- WordPress Custom Field Template plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could extract sensitive post metadata including passwords, API keys, personal data, or other confidential information stored in custom fields, leading to data breaches, account compromise, or further attacks.
Likely Case
Authenticated users with contributor privileges could access metadata they shouldn't see, potentially exposing internal notes, draft content, or configuration data.
If Mitigated
With proper access controls and monitoring, the impact is limited to authorized users accessing data they shouldn't see, which can be detected and contained.
🎯 Exploit Status
Exploitation requires authenticated access (contributor or higher). The vulnerability is in the 'cft' shortcode functionality.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.2
Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'Custom Field Template'.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.6.2 or later from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable plugin
Temporarily disable the Custom Field Template plugin until it is patched.
wp plugin deactivate custom-field-template
Restrict user roles
Limit contributor and higher roles to trusted users only.
🧯 If You Can't Patch
- Remove contributor and higher access from untrusted users
- Monitor logs for unusual 'cft' shortcode usage or metadata access patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Custom Field Template version. If version is 2.6.1 or lower, you are vulnerable.
Check Version:
wp plugin get custom-field-template --field=version
Verify Fix Applied:
Verify plugin version is 2.6.2 or higher in WordPress admin panel.
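The check above can be scripted so that it gives a consistent verdict across many sites. The following is an added example, not part of the advisory or the plugin: it compares the version reported by WP-CLI (the same command as in "Check Version") against the first fixed release, 2.6.2, using a component-wise numeric comparison so that, for instance, 2.10.0 is correctly treated as newer than 2.6.2. It assumes WP-CLI is installed and is run from the WordPress root.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed
# Custom Field Template version falls in the affected range (<= 2.6.1).

PATCHED_VERSION="2.6.2"   # first release that contains the fix

# version_lt A B: exit 0 if A < B, comparing dot-separated components
# as integers (so 2.10.0 > 2.6.2). Non-digit suffixes are ignored.
version_lt() {
    i=1
    while :; do
        ac=$(printf '%s' "$1" | cut -d. -f"$i" | tr -dc '0-9')
        bc=$(printf '%s' "$2" | cut -d. -f"$i" | tr -dc '0-9')
        if [ -z "$ac" ] && [ -z "$bc" ]; then
            return 1            # every component equal: A is not less than B
        fi
        ac=${ac:-0}; bc=${bc:-0}   # missing component counts as 0 (2.6 == 2.6.0)
        if [ "$ac" -lt "$bc" ]; then return 0; fi
        if [ "$ac" -gt "$bc" ]; then return 1; fi
        i=$((i + 1))
    done
}

# is_vulnerable VERSION: exit 0 (true) when VERSION is below the patched release.
is_vulnerable() {
    version_lt "$1" "$PATCHED_VERSION"
}

# check_site: query the installed version with WP-CLI and print a verdict.
# Exit status: 0 = vulnerable, 1 = patched, 2 = plugin missing or WP-CLI error.
check_site() {
    v=$(wp plugin get custom-field-template --field=version 2>/dev/null) || {
        echo "custom-field-template not installed, or WP-CLI failed"
        return 2
    }
    if is_vulnerable "$v"; then
        echo "VULNERABLE: custom-field-template $v (< $PATCHED_VERSION)"
        return 0
    fi
    echo "OK: custom-field-template $v (>= $PATCHED_VERSION)"
    return 1
}

# Run the live check only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_site
fi
```

Save it as, for example, cft-check.sh and run `sh cft-check.sh --check` from the WordPress root; a non-zero exit code of 1 means the fix is in place, which makes the script easy to drop into a fleet-wide audit loop.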
📡 Detection & Monitoring
Log Indicators:
- Unusual shortcode usage patterns
- Multiple metadata access attempts by contributor users
- Access to posts/pages with 'cft' shortcode
Network Indicators:
- HTTP requests containing 'cft' parameter from authenticated users
SIEM Query:
source="wordpress" AND (shortcode="cft" OR plugin="custom-field-template")
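Shortcodes are expanded server-side when a post renders, so the 'cft' shortcode itself never appears in web-server access logs; the durable evidence is the post content and who authored it. The following is an added example, not part of the advisory or the plugin, that inventories posts embedding a cft shortcode and flags those written by non-administrator accounts, which is the population the advisory's "contributor or higher" attacker profile falls into. The four sample posts and the shortcode attributes in them are constructed for this example; the export_posts function builds the same lines from a live site and assumes WP-CLI is installed and run from the WordPress root.

```shell
#!/bin/sh
# Added example (not from the advisory): find posts that embed the 'cft'
# shortcode and report their authors and roles, so a reviewer can check
# whether a lower-privileged account is using it to read post metadata.
# Line format (one post per line): ID<TAB>author_login<TAB>roles<TAB>content

# Constructed sample data; attribute names are illustrative only.
SAMPLE_POSTS=$(printf '%s\t%s\t%s\t%s\n' \
    101 alice administrator 'Release notes [cft key=launch_date]' \
    102 bob   contributor   'Draft article [cft key=api_secret post_id=7]' \
    103 carol contributor   'Plain text, no shortcode' \
    104 dave  author        'Gallery [cft key=internal_notes]')

# flag_cft_posts LINES: print "ID author roles" for each post whose content
# contains a cft shortcode and whose author does not hold administrator.
flag_cft_posts() {
    printf '%s\n' "$1" | awk -F'\t' '
        $4 ~ /\[cft(\]| )/ && $3 !~ /administrator/ { print $1, $2, $3 }'
}

# count_cft_by_author LINES: "author count" for every author with flagged
# posts, highest count first; a single contributor with many hits is the
# "multiple metadata access attempts" pattern the advisory asks to watch.
count_cft_by_author() {
    flag_cft_posts "$1" | awk '{ n[$2]++ } END { for (a in n) print a, n[a] }' \
        | sort -k2,2nr -k1,1
}

# export_posts: produce the same four-column lines from a live site.
# Assumes WP-CLI; one extra call per post keeps the parsing trivial.
export_posts() {
    wp post list --post_type=any --post_status=any \
        --fields=ID,post_author --format=csv | tail -n +2 |
    while IFS=, read -r id author_id; do
        content=$(wp post get "$id" --field=post_content | tr '\n' ' ')
        login=$(wp user get "$author_id" --field=user_login)
        roles=$(wp user get "$author_id" --field=roles)
        printf '%s\t%s\t%s\t%s\n' "$id" "$login" "$roles" "$content"
    done
}

# Run against the live site only when asked; otherwise the sample is used.
if [ "${1:-}" = "--live" ]; then
    flag_cft_posts "$(export_posts)"
else
    flag_cft_posts "$SAMPLE_POSTS"
fi
```

On the sample data the script reports posts 102 and 104; posts by administrators are excluded because they can already read any post metadata through the admin interface, so the shortcode adds nothing for them. Re-running the export on a schedule and diffing the output gives a cheap baseline for the "unusual shortcode usage" indicator above.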
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7fcd0410-9423-4349-8d1c-3551de38a7c7?source=cve