Vulnerabilities > CVE-2021-24859 - Unspecified vulnerability in User Meta Shortcodes Project User Meta Shortcodes 0.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |