Kylebjohnson

kylebjohnson

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

User Shortcodes Plus

user_shortcodes_plus

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-6969 1Kylebjohnson 1User Shortcodes Plus Apr 8, 2026 Mar 13, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key....Show more The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive user meta.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2023-6969

1Kylebjohnson

1User Shortcodes Plus

Apr 8, 2026

Mar 13, 2024

N/A· v4

4.3 MEDIUM· v3

N/A· v2

The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive user meta.Show less