cve/CVE-2023-0911.md at 992ed5df2f87026aeddf10638eaf95d3582228f9

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49

2024-05-28 08:49:17 +00:00

Description

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default.

POC

Reference

https://wpscan.com/vulnerability/35404d16-7213-4293-ac0d-926bd6c17444

Github

No PoCs found on GitHub currently.

917 B Raw Blame History

CVE-2023-0911

Description

POC

Reference

Github

917 B

Raw Blame History