User Meta Shortcodes Project: >> User Meta Shortcodes >> 0.5 Security Vulnerabilities
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes
CVSS Score
4.3
EPSS Score
0.002
Published
2021-12-13