exploitDog

CVE-2021-24859

Опубликовано: 13 дек. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes

Ссылки

https://wpscan.com/vulnerability/958f44a5-07e7-4349-9212-2a039a082ba0
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/958f44a5-07e7-4349-9212-2a039a082ba0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:user_meta_shortcodes_project:user_meta_shortcodes:*:*:*:*:*:wordpress:*:*

Версия до 0.5 (включая)

EPSS

Процентиль: 40%

0.00186

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-m96c-8jmv-4r54

github

около 4 лет назад

The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes

EPSS

Процентиль: 40%

0.00186

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284