History: Dec 13, 2021 - 10:41 a.m.

CVE-2021-24859 User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access

2021-12-13 10:41:11
CWE-284
WPScan
www.cve.org

AI Score: 5 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 24.8%)

The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users' metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data exfiltration, including password hashes.

CNA Affected

[
  {
    "product": "User meta shortcodes",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "0.5",
        "status": "affected",
        "version": "0.5",
        "versionType": "custom"
      }
    ]
  }
]
