CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24859

The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.8%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

https://wpscan.com/vulnerability/958f44a5-07e7-4349-9212-2a039a082ba0
https://wpscan.com/vulnerability/958f44a5-07e7-4349-9212-2a039a082ba0

Products affected by CVE-2021-24859

User Meta Shortcodes Project » User Meta Shortcodes » Version: N/A

cpe:2.3:a:user_meta_shortcodes_project:user_meta_shortcodes:-
User Meta Shortcodes Project » User Meta Shortcodes » Version: 0.5

cpe:2.3:a:user_meta_shortcodes_project:user_meta_shortcodes:0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24859

Products

Pricing

Contact Us