Lucene search

CVE-2023-0890

🗓️ 20 Mar 2023 16:12:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 51 Views🌐 WEB

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 allows authenticated users to view private posts and leak password

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
wpexploit	Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access	27 Feb 202300:00	–	wpexploit
Prion	Design/Logic Flaw	20 Mar 202316:15	–	prion
NVD	CVE-2023-0890	20 Mar 202316:15	–	nvd
Cvelist	CVE-2023-0890 Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access	20 Mar 202315:52	–	cvelist
WPVulnDB	Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access	27 Feb 202300:00	–	wpvulndb
Vulnrichment	CVE-2023-0890 Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access	20 Mar 202315:52	–	vulnrichment
OpenVAS	WordPress Shortcodes Ultimate Plugin < 5.12.8 Multiple Information Disclosure vulnerabilities	22 Mar 202300:00	–	openvas
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)	9 Mar 202314:32	–	wordfence

Nvd

Vulners

Node

getshortcodes shortcodes_ultimateRange<5.12.8wordpress

[
  {
    "vendor": "Unknown",
    "product": "WordPress Shortcodes Plugin — Shortcodes Ultimate",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "5.12.8"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/8a466f15-f112-4527-8b02-4544a8032671

Parameter	Position	Path	Description	CWE
shortcode	request body	/wp-admin/admin-ajax.php	Allows authenticated users to view draft, private, or password protected posts using the su_post shortcode.	CWE-862
post_id	request body	/wp-admin/admin-ajax.php	Allows authenticated users to view draft, private, or password protected posts using the su_post shortcode.	CWE-862
shortcode	request body	/wp-admin/admin-ajax.php	Leakes the password of a protected post using the su_post shortcode.	CWE-862
post_id	request body	/wp-admin/admin-ajax.php	Leakes the password of a protected post using the su_post shortcode.	CWE-862
shortcode	request body	/wp-admin/admin-ajax.php	Displays all private posts and their content using the su_posts shortcode.	CWE-862
post_status	request body	/wp-admin/admin-ajax.php	Displays all private posts and their content using the su_posts shortcode.	CWE-862
shortcode	request body	/wp-admin/admin-ajax.php	Displays the posts with specified IDs using the su_posts shortcode.	CWE-862
post_status	request body	/wp-admin/admin-ajax.php	Displays the posts with specified IDs using the su_posts shortcode.	CWE-862
id	request body	/wp-admin/admin-ajax.php	Displays the posts with specified IDs using the su_posts shortcode.	CWE-862

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

20 Mar 2023 16:15Current

6.5Medium risk

Vulners AI Score6.5

CVSS36.5

EPSS0.00222

SSVC

CWE-862