cvelist / WPScan / CVELIST:CVE-2023-0911
Mar 20, 2023 - 3:52 p.m.

CVE-2023-0911 Shortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure

2023-03-20 15:52:23
WPScan
www.cve.org
wordpress
shortcodes ultimate
user meta disclosure
cve-2023-0911
plugin vulnerability

EPSS: 0.001 (Low), Percentile: 29.7%

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate which user meta can be retrieved via the user shortcode, allowing any authenticated user, such as a subscriber, to retrieve arbitrary user meta (except user_pass), such as the user email and activation key by default.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WordPress Shortcodes Plugin — Shortcodes Ultimate",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "5.12.8"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
