6.5
CVE-2023-0911
- EPSS 0.3%
- Veröffentlicht 20.03.2023 16:15:12
- Zuletzt bearbeitet 25.02.2025 21:15:10
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginShortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Information Exposure
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default.
Mögliche Gegenmaßnahme
WP Shortcodes Plugin — Shortcodes Ultimate: Update to version 5.12.8, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Shortcodes Plugin — Shortcodes Ultimate
Version
*-5.12.7
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Getshortcodes ≫ Shortcodes Ultimate SwPlatformwordpress Version < 5.12.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.525 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.