CVE-2021-24859 in User Meta Shortcodes Plugininfo

Zusammenfassung

von MITRE • 13.12.2021

The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes

Be aware that VulDB is the high quality source for vulnerability data.

Reservieren

14.01.2021

Veröffentlichung

13.12.2021

Moderieren

akzeptiert

Eintrag

VDB-187996

CPE

bereit

EPSS

0.00783

KEV

nein

Aktivitäten

very low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!