Threats Tagged 'cve-2026-3173'
View all threats tagged with 'cve-2026-3173'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-3173'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-3173: CWE-639 Authorization Bypass Through User-Controlled Key in mr2p Meta Field Block – Display custom fields in the Block Editor without codingCVE-2026-3173 0 The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user has permission to access the requested object's metadata. This makes it possible for authenticated attackers, with Contributor-level access and above, to read arbitrary user meta, post meta, and term meta data from any object in the database. On sites using plugins that store sensitive data in meta fields (e.g., WooCommerce billing/shipping information), this could lead to the exposure of Personally Identifiable Information (PII) including names, email addresses, phone numbers, and physical addresses. Join the discussion | CVE Database V5 | 05/28/2026, 05:30:39 UTC Added: 05/28/2026, 06:04:26 UTC |
Showing 1 to 1 of 1 result