CVE-2023-0890

Published: Mar 20, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of protected posts

Affected (1)

Products: Getshortcodes: Shortcodes Ultimate

1 product

Shortcodes Ultimate

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Getshortcodes Shortcodes Ultimate	Before 5.12.8

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://wpscan.com/vulnerability/8a466f15-f112-4527-8b02-4544a8032671

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/8a466f15-f112-4527-8b02-4544a8032671

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.