8 matches found
EUVD-2023-59165
Malicious code in bioql PyPI...
CVE-2023-6969
The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level...
CVE-2023-6969
The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level...
CVE-2023-6969
CVE-2023-6969 affects the WordPress plugin User Shortcodes Plus. It is an Insecure Direct Object Reference in the user_meta shortcode caused by missing validation on a user-controlled key, allowing authenticated attackers with contributor-level access or higher to retrieve potentially sensitive u...
CVE-2023-6969 User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode
The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level...
User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode
Description The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
WordPress User Shortcodes Plus Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)
Software User Shortcodes Plus Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6969 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cc1bdd35256f Credits Francesco...
PT-2023-32827 · WordPress · User Shortcodes Plus
Name of the Vulnerable Software and Affected Versions: User Shortcodes Plus plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to Insecure Direct Object Reference, which affects the user meta shortcode due to missing validation on a user-controlled key. Th...