CVE-2024-1330 – Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access
https://notcve.org/view.php?id=CVE-2024-1330
The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database. El complemento de WordPress kadence-blocks-pro anterior a 2.3.8 no impide que los usuarios con al menos el rol de colaborador utilicen algunas de las funcionalidades de su código corto para filtrar opciones arbitrarias de la base de datos. The Kadence Blocks Pro plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.3.7 via the kb-dynamic shortcode. This makes it possible for unauthenticated attackers to extract potentially sensitive data from plugin options. • https://wpscan.com/vulnerability/1988815b-7a53-4657-9b1c-1f83c9f9ccfd • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •