RSS   Podatności dla 'User meta shortcodes'   RSS

2021-12-13
 
CVE-2021-24859

CWE-284
 

 
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes

 


Copyright 2024, cxsecurity.com

 

Back to Top