MEDIUM
henrikmelin
CVE published 2026-06-15
CVE-2016-20083
CVE-2016-20083 is a cross-site request forgery vulnerability in WordPress More Fields Plugin 2.1. The vulnerability allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxes on the Write/Edit page via POST and GET requests to the options-general.php endpoint.