2 matches found
CVE-2021-24825
The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to display arbitrary files from the filesystem such as logs, .htaccess etc, as well as perform Local File Inclusion...
CVE-2021-24825
CVE-2021-24825 affects the WordPress plugin Custom Content Shortcode (versions before 4.0.2). The issue arises because load shortcode data is not validated, allowing authenticated contributors (v<4.0.1) or admins (v