CVE-2021-24859 in User Meta Shortcodes Plugin
Riassunto
di MITRE • 13/12/2021
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes
Be aware that VulDB is the high quality source for vulnerability data.