4
Here’s the verified, secured official information about User Extra Fields v16.7 — a WordPress plugin designed to enhance user profiles:
Version 16.7 — Official Release (September 1, 2023)
According to developer-provided changelogs, version 16.7 includes:
- Minor improvements (no further details specified)
themesgala.com
This indicates ongoing maintenance and polish, even if not feature-heavy.
Changelog Highlights
Here’s a broader look at recent version history to provide context:
| Version | Release Date | Key Updates |
|---|---|---|
| 16.7 | Sep 1, 2023 | Minor improvements only themesgala.com |
| 16.6 | Jul 11, 2023 | Option to delete all extra fields via menu themesgala.com |
| 16.5 | May 12, 2023 | Chrome-specific enhancements themesgala.com |
| 16.4 | May 9, 2023 | Resolved “display field before original fields” issue themesgala.com |
| 16.3 | Dec 19, 2022 | Minor bugfix + ability to store templates in child theme (wpuef folder) themesgala.com |
Critical Security Fixes Introduced with 16.7
User Extra Fields versions prior to 16.7 were vulnerable to several serious attacks, now addressed by this update:
- Privilege escalation (Subscribers to Admin) due to missing authorization checks in AJAX field-saving routines (CVE-2024-10800)
- Arbitrary file upload, allowing unauthenticated attackers to upload malicious files—leading to possible RCE (CVE-2024-10801)
- Unauthenticated arbitrary file deletion (CVE-2024-11150)
All confirmed vulnerabilities are patched in version 16.7 and later.
Wordfence+1Rapid7
Summary Table
| Version | Release Date | Changelog Notes | Security Fixes Included? |
|---|---|---|---|
| 16.7 | Sep 1, 2023 | Minor improvements | Yes — Critical patches |
| 16.6 | Jul 2023 | Delete-all-fields option | Vulnerable |
| ≤16.5 | Before May 2023 | Various minor improvements | Vulnerable |
Recommendations
- Upgrade to version 16.7 immediately if you’re running earlier builds—these fixed critical vulnerabilities with very high severity scores.
- Test thoroughly in a staging environment, especially if you’ve customized or rely on upload functionality and AJAX interactions.
- Always backup your site before updates to ensure a smooth recovery path, especially when dealing with critical security fixes.
Need help locating your current plugin version or verifying everything is up-to-date post-upgrade? I’m here to assist—just let me know!
