CVE-2023-0911: Shortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure
First published: Mon Mar 20 2023(Updated: )
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shortcodes Ultimate by Vova Anokhin | <5.12.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this WordPress plugin vulnerability?
The vulnerability ID for this WordPress plugin vulnerability is CVE-2023-0911.
What is the severity of CVE-2023-0911?
CVE-2023-0911 has a severity level of medium (6.5).
What is the affected software for CVE-2023-0911?
The affected software for CVE-2023-0911 is the Shortcodes Ultimate WordPress plugin version up to 5.12.8.
How does the vulnerability in Shortcodes Ultimate WordPress plugin allow unauthorized access to user meta?
The vulnerability allows any authenticated users, such as subscribers, to retrieve arbitrary user meta (except the user_pass) via the user shortcode in the plugin.
Where can I find more information about CVE-2023-0911?
You can find more information about CVE-2023-0911 at the following reference: https://wpscan.com/vulnerability/35404d16-7213-4293-ac0d-926bd6c17444.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/getshortcodes
- canonical/shortcodes ultimate by vova anokhin