CVE-2023-2448 in UserPro Plugininfo

Zusammenfassung

von MITRE • 22.11.2023

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.

Be aware that VulDB is the high quality source for vulnerability data.

Zuständig

Wordfence

Reservieren

01.05.2023

Veröffentlichung

22.11.2023

Moderieren

akzeptiert

Eintrag

VDB-245924

CPE

bereit

EPSS

0.00903

KEV

nein

Aktivitäten

very low

Quellen

Might our Artificial Intelligence support you?

Check our Alexa App!