Vulnerabilities > CVE-2023-0890 - Missing Authorization vulnerability in Getshortcodes Shortcodes Ultimate

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
getshortcodes
CWE-862

Summary

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of protected posts

Vulnerable Configurations

Part Description Count
Application
Getshortcodes
184

Common Weakness Enumeration (CWE)