Lucene search
WPScanCVELIST:CVE-2021-24824HistoryMar 07, 2022 - 8:16 a.m.
CVE-2021-24824 Custom Content Shortcode < 4.0.1 - Unauthorised Arbitrary Post Metadata Access
2022-03-0708:16:03
CWE-863
WPScan
www.cve.org
3
cve-2021-24824
custom content shortcode
unauthorised access
arbitrary post metadata
woocommerce
sensitive data disclosure
The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved
CNA Affected
[
{
"product": "Custom Content Shortcode",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.0.1",
"status": "affected",
"version": "4.0.1",
"versionType": "custom"
}
]
}
]Related
prion
prion
Code injection
2022-03-07 09:15:00
wpexploit
wpexploit
nvd
nvd
CVE-2021-24824
2022-03-07 09:15:08
cnvd
cnvd
WordPress Custom Content Shortcode plugin unauthorized access vulnerability
2022-03-09 00:00:00
patchstack
patchstack
wpvulndb
wpvulndb
cve
cve
CVE-2021-24824
2022-03-07 09:15:08