mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 06:55:56 +02:00
0xMarcio
857 B
857 B
CVE-2021-24859
Description
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes
POC
Reference
Github
No PoCs found on GitHub currently.