6.5
CVE-2023-0911
- EPSS 0.65%
- Veröffentlicht 20.03.2023 16:15:12
- Zuletzt bearbeitet 25.02.2025 21:15:10
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginShortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure
Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Information Exposure
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default.
Mögliche Gegenmaßnahme
Shortcodes Ultimate – Content Elements: Update to version 5.12.8, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Getshortcodes ≫ Shortcodes Ultimate SwPlatformwordpress Version < 5.12.8
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Shortcodes Ultimate – Content Elements
Version
*-5.12.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.464 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://wpscan.com/vulnerability/35404d16-7213-4293-ac0d-926bd6c17444
https://www.wordfence.com/threat-intel/vulnerabilities/id/144895c9-5800-435e-9f75-a8de17ca2d93