Lucene search
K

4 matches found

Cvelist
Cvelist
added 2024/03/13 3:26 p.m.33 views

CVE-2023-6969 User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode

The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level...

4.3CVSS5.2AI score0.00472EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/13 3:26 p.m.14 views

CVE-2023-6969 User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode

The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level...

4.3CVSS6.6AI score0.00472EPSS
Exploits0References2
CVE
CVE
added 2024/03/13 3:26 p.m.60 views

CVE-2023-6969

CVE-2023-6969 affects the WordPress plugin User Shortcodes Plus. It is an Insecure Direct Object Reference in the user_meta shortcode caused by missing validation on a user-controlled key, allowing authenticated attackers with contributor-level access or higher to retrieve potentially sensitive u...

4.3CVSS5.9AI score0.00472EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/02/26 12:0 a.m.19 views

WordPress User Shortcodes Plus Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)

Software User Shortcodes Plus Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6969 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cc1bdd35256f Credits Francesco...

5.3CVSS6.5AI score0.00472EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder