The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Profile_extra_fields | Bestwebsoft | * | 1.2.7 (including) |