wpexploit | Francesco Carlucci | WPEX-ID:958F44A5-07E7-4349-9212-2A039A082BA0
History: Nov 15, 2021 - 12:00 a.m.

User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access


EPSS: 0.001 (Low), percentile 24.8%

The plugin registers a shortcode that lets any user with a role as low as contributor read other users' metadata by specifying the target user's login as a parameter. This exposes the WordPress instance to data exfiltration, including password hashes.

As a contributor, put the following shortcode in a post/page:

[otheruserinfo login="admin" field="user_pass"][/otheruserinfo]
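For sites that ran an affected version, the following added example (not part of the original advisory or of the plugin's code) audits exported post content for uses of the otheruserinfo shortcode that name another account or a sensitive field. The row layout (id, author_login, content) and the sensitive-field list are assumptions; the sample rows are constructed.

```python
import re

# Tag and attribute names ("login", "field") come from the advisory text.
SHORTCODE_RE = re.compile(r"\[otheruserinfo\b([^\]]*)\]", re.IGNORECASE)
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")
# Assumption: fields treated as sensitive. user_pass is named in the advisory;
# the others are standard WordPress user columns / usermeta keys.
SENSITIVE_FIELDS = {"user_pass", "user_email", "user_activation_key", "session_tokens"}


def parse_attrs(raw):
    """Parse WordPress-style shortcode attributes into a lowercase-keyed dict."""
    return {n.lower(): dq or sq or bare for n, dq, sq, bare in ATTR_RE.findall(raw)}


def audit_posts(posts):
    """Flag shortcode uses that target another account or a sensitive field."""
    findings = []
    for post in posts:
        for match in SHORTCODE_RE.finditer(post["content"]):
            attrs = parse_attrs(match.group(1))
            login = attrs.get("login", "")
            field = attrs.get("field", "")
            cross_user = bool(login) and login.lower() != post["author_login"].lower()
            sensitive = field.lower() in SENSITIVE_FIELDS
            if cross_user or sensitive:
                findings.append({
                    "post_id": post["id"], "author": post["author_login"],
                    "target": login, "field": field,
                    "severity": "high" if cross_user and sensitive else "review",
                })
    return findings


# Constructed sample rows (hypothetical export of wp_posts joined to wp_users).
SAMPLE_POSTS = [
    {"id": 101, "author_login": "carol", "content":
     'Hello [otheruserinfo login="admin" field="user_pass"][/otheruserinfo]'},
    {"id": 102, "author_login": "dave", "content":
     "Bio: [otheruserinfo login='dave' field=nickname][/otheruserinfo]"},
    {"id": 103, "author_login": "erin", "content":
     "[otheruserinfo login=bob field=first_name][/otheruserinfo]"},
]

if __name__ == "__main__":
    for finding in audit_posts(SAMPLE_POSTS):
        print(finding)
```

Any "high" finding means a password hash may have been rendered to readers of that post, so the targeted account's password should be rotated and the post's revision history reviewed.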
