EUVD-2021-11771

Malware in sbrugna...

WordPress User Meta Shortcodes plugin access control error vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress User Meta Shortcodes Plugin has an access control error vulnerability that stems from the plugin's User...

CVE-2021-24859

The CVE-2021-24859 entry concerns the WordPress plugin “User Meta Shortcodes” (versions ≤ 0.5). Multiple connected sources confirm that a shortcode registered by the plugin allows any user with a role as low as Contributor to access metadata of other users by supplying the login parameter, enabli...

CVE-2021-24859 User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access

The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes...

WordPress 插件访问控制错误漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress User Meta Shortcodes Plugin has an access control error vulnerability that stems from the plugin's User...