CVE-2023-5134

Easy Registration Forms <= 2.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive user meta.

Easy Registration Forms para WordPress es vulnerable a la Divulgación de Información a través del código corto 'erforms_user_meta' en versiones hasta la 2.1.1 inclusive debido a controles insuficientes sobre la información recuperable a través del código corto. Esto hace posible que atacantes autenticados, con capacidades de nivel de suscriptor o superior, recuperen metadatos de usuario sensibles y arbitrarios.

*Credits: Lana Codes

CVSS Scores

Wordfencev3.1 4.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-09-22 CVE Reserved
2023-09-22 CVE Published
2024-08-02 CVE Updated
2024-09-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (2)

URL	Tag	Source
https://www.wordfence.com/threat-intel/vulnerabilities/id/562fe11f-36a0-4f23-9eed-50ada7ab2961?source=cve	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://plugins.trac.wordpress.org/browser/easy-registration-forms/tags/2.1.1/includes/class-user.php#L835	2023-11-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Easyregistrationforms Search vendor "Easyregistrationforms"		Easy Registration Forms Search vendor "Easyregistrationforms" for product "Easy Registration Forms"				<= 2.1.1 Search vendor "Easyregistrationforms" for product "Easy Registration Forms" and version " <= 2.1.1"		wordpress		Affected