4 matches found
WordPress Kadence Blocks Pro plugin < 2.3.8 - Contributor+ Arbitrary Option Access vulnerability
Contributor+ Arbitrary Option Access vulnerability discovered by Scott Kingsley Clark in WordPress Plugin Kadence Blocks Pro versions 2.3.8...
CVE-2024-1330 Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access
The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role from using some of its shortcode's functionalities to leak arbitrary options from the database...
Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access
Description: The plugin does not prevent users with at least the contributor role from using some of its shortcode's functionalities to leak arbitrary options from the database. PoC: 1. ADMIN: Install Kadence Blocks Pro 2. CONTRIBUTOR: Add shortcode to any post and specify/guess the option name and save...
Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access
Description: The plugin does not prevent users with at least the contributor role from using some of its shortcode's functionalities to leak arbitrary options from the database. 1. ADMIN: Install Kadence Blocks Pro 2. CONTRIBUTOR: Add shortcode to any post and specify/guess the option name and save 3...