CVE-2021-24859 in User Meta Shortcodes Plugin
Zusammenfassung
von MITRE • 13.12.2021
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes
Be aware that VulDB is the high quality source for vulnerability data.