cleantalk
Vulnerabilities and Security Researches

Custom Field Template, CVE-2023-6748

CVE, Research URL

CVE-2023-6748

Home page URL

Security reports for Custom Field Template

Application

Custom Field Template

Published on
Jun 11, 2024
Research Description
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary post metadata.
Affected versions
max 2.6.2.
Status
vulnerable
Previous vulnerability researches
Custom Field Template (CVE-2024-44062) , Sep 02, 2024
Custom Field Template (CVE-2025-63058) , Dec 11, 2025
Custom Field Template (CVE-2023-6748) , Jun 14, 2024
Custom Field Template (CVE-2023-6745) , Jun 14, 2024
Custom Field Template (CVE-2024-0653) , Jun 14, 2024
New vulnerability
Pure WC Variation Swatches (CVE-2025-12820) , Jan 11, 2026
WP Scraper (CVE-2025-62088) , Jan 11, 2026
Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger Live Chat Support Chat Button – Bit As (CVE-2025-68596) , Jan 11, 2026
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic (CVE-2025-69093) , Jan 11, 2026
SALESmanago (CVE-2025-68571) , Jan 11, 2026