Security Advisory

CVE-2023-0911

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-20 15:52:23

Last updated 2025-02-25 20:28:41

Assigner WPScan

State PUBLISHED

Description

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default.

← Browse all CVEs View on cve.org ↗