CVE-2021-24824

Published: Mar 7, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved

Affected (1)

Products: Custom Content Shortcode Project: Custom Content Shortcode

Custom Content Shortcode Project

1 product

Custom Content Shortcode

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Custom Content Shortcode Project Custom Content Shortcode	Before 4.0.1

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://wpscan.com/vulnerability/7b4d4675-6089-4435-9b56-31496adc4767

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/7b4d4675-6089-4435-9b56-31496adc4767

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.