Description The plugin does not prevent users with at least the contributor role using some of its shortcode’s functionalities to leak arbitrary options from the database.
1. ADMIN: Install Kadence Blocks Pro 2. CONTRIBUTOR: Add shortcode to any post and specify/guess the option name and save 3. CONTRIBUTOR: Preview the post and see option you shouldn’t have access to Example shortcode: [kb-dynamic para="kb_custom_input" custom="active_plugins" field="site|custom_setting"]