CVE-2021-24859

CVE-2021-24859: User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access

Vendor Unknown
Product User meta shortcodes
Weakness CWE-284
Published December 13, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes

Key dates

02Disclosure timeline

December 13, 2021 CVE published
August 3, 2024 Record updated