MEDIUM
mr2p
CVE published 2026-05-28
CVE-2026-3173
The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference (IDOR) in all versions up to and including 1.5.1. The plugin fails to validate whether authenticated users have permission to access requested object metadata when users specify arbitrary object IDs and object types via block attributes. This allows authenticated attackers with Contributor-level access or higher to [truncated]
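The missing authorization step described above, sketched as an added example (not the plugin's code and not its actual patch). The function names, the attribute keys `objectType`, `objectId` and `fieldName`, and the set of object types handled are assumptions made for illustration; the WordPress core functions called are real.

```php
<?php
// Added example: hypothetical helpers, not taken from the Meta Field Block plugin.
// Object type and ID come from block attributes, which a Contributor can author,
// so both are untrusted and must be authorized before any metadata is read.

function example_can_read_object_meta( $object_type, $object_id, $meta_key ) {
    $object_id = absint( $object_id );
    // Reject empty IDs and protected (underscore-prefixed) internal keys.
    if ( ! $object_id || is_protected_meta( $meta_key, $object_type ) ) {
        return false;
    }
    switch ( $object_type ) {
        case 'post':
            $post = get_post( $object_id );
            if ( ! $post ) {
                return false;
            }
            // Public, non-password-protected posts are readable by anyone;
            // drafts, private and pending posts need the read_post meta capability.
            $public = is_post_publicly_viewable( $post ) && ! post_password_required( $post );
            return $public || current_user_can( 'read_post', $object_id );
        case 'term':
            $term = get_term( $object_id );
            return $term instanceof WP_Term && is_taxonomy_viewable( $term->taxonomy );
        case 'user':
            // Only the user's own record, or users the viewer is allowed to edit.
            return get_current_user_id() === $object_id
                || current_user_can( 'edit_user', $object_id );
        default:
            return false; // unknown object types fail closed
    }
}

// Hypothetical render callback: the check runs before the metadata lookup.
function example_render_meta_field( array $attributes ) {
    $type = sanitize_key( $attributes['objectType'] ?? 'post' );
    $id   = absint( $attributes['objectId'] ?? 0 );
    $key  = (string) ( $attributes['fieldName'] ?? '' );

    if ( '' === $key || ! example_can_read_object_meta( $type, $id, $key ) ) {
        return ''; // render nothing instead of revealing whether the object exists
    }
    $value = get_metadata( $type, $id, $key, true );
    return is_scalar( $value ) ? esc_html( (string) $value ) : '';
}
```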