Security Advisory

CVE-2021-24859

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-12-13 10:41:11

Last updated 2024-08-03 19:42:17

Assigner WPScan

State PUBLISHED

Description

The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes

← Browse all CVEs View on cve.org ↗