Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-6969

Published: 13/03/2024 Updated: 13/03/2024

Vulnerability Summary

The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive user meta.

Vulnerability Trend

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/76a0a87a-dff0-4a51-bad0-8868c342ecde?source=cvehttps://plugins.trac.wordpress.org/browser/user-shortcodes-plus/trunk/includes/Shortcodes/UserMeta.phphttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946CVE-2024-30309CVE-2024-4761CVE-2024-30051type confusionmemory leakCVE-2024-30293reflected XSSCVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook