5 matches found
WordPress Shortcodes Ultimate Plugin < 5.12.8 Multiple Information Disclosure vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:getshortcodes:shortcodesultimate"; ifdescription...
CVE-2023-0911
creationtimestamp| type| source ---|---|--- 2023-03-20 21:04:33+00:00| seen| https://t.me/cibsecurity/60343...
CVE-2023-0911
The CVE concerns the WordPress plugin Shortcodes Ultimate (before 5.12.8). The vulnerability arises because the plugin does not validate the user meta returned by the user shortcode, allowing any authenticated user (e.g., subscriber) to retrieve arbitrary user metadata (excluding user_pass), such...
CVE-2023-0911 Shortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta except the userpass, such as the user email and activati...
WordPress Shortcodes Ultimate Plugin < 5.12.8 is vulnerable to Sensitive Data Exposure
Software Shortcodes Ultimate Type Plugin Vulnerable versions 5.12.8 Fixed in 5.12.8 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0911 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 466e8901614e Credits Erwan LR WPScan Requir...