
Description

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxes on the Write/Edit page via POST and GET requests to the options-general.php endpoint.

PUBLISHED Reserved 2026-06-15 | Published 2026-06-15 | Updated 2026-06-15 | Assigner VulnCheck




MEDIUM: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L)
MEDIUM: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Problem types

Cross-Site Request Forgery (CSRF)

Product status

2.1: affected

Credits

Aatif Shahdad (finder)

References

www.exploit-db.com/exploits/39507 (ExploitDB-39507) exploit

wordpress.org/support/plugin/more-fields (Product Reference) product

www.vulncheck.com/...ields-plugin-cross-site-request-forgery (VulnCheck Advisory: WordPress More Fields Plugin 2.1 Cross-Site Request Forgery) third-party-advisory

cve.org (CVE-2016-20083)

nvd.nist.gov (CVE-2016-20083)
