exploitDog

CVE-2021-24824

Опубликовано: 07 мар. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved

Ссылки

https://wpscan.com/vulnerability/7b4d4675-6089-4435-9b56-31496adc4767
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/7b4d4675-6089-4435-9b56-31496adc4767
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:custom_content_shortcode_project:custom_content_shortcode:*:*:*:*:*:wordpress:*:*

Версия до 4.0.1 (исключая)

EPSS

Процентиль: 40%

0.00181

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

CWE-863

Связанные уязвимости

GHSA-28mp-cx45-6mwq

CVSS3: 4.3

github

больше 3 лет назад

The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved

EPSS

Процентиль: 40%

0.00181

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

CWE-863