Vulnerability Description
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users' metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data exfiltration, including password hashes.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| User Meta Shortcodes Project | User Meta Shortcodes | <= 0.5 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/958f44a5-07e7-4349-9212-2a039a082ba0 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24859?
CVE-2021-24859 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users' metadata by specifying the user login as a para...
How severe is CVE-2021-24859?
CVE-2021-24859 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24859?
Check the references section above for vendor advisories and patch information. Affected products include: User Meta Shortcodes Project User Meta Shortcodes.