CVE-2023-6226
WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin.
El complemento WP Shortcodes: el complemento Shortcodes Ultimate para WordPress es vulnerable a la referencia directa de objetos inseguros en todas las versiones hasta la 5.13.3 incluida a través del código corto su_meta debido a la falta de validación en las claves controladas por el usuario 'key' y 'post_id'. Esto hace posible que atacantes autenticados, con acceso de nivel de colaboradores y superiores, recuperen metavalores de publicaciones arbitrarias que pueden contener información confidencial cuando se combinan con otro complemento.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-20 CVE Reserved
- 2023-11-27 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-10-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/meta.php | 2024-08-02 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Getshortcodes Search vendor "Getshortcodes" | Shortcodes Ultimate Search vendor "Getshortcodes" for product "Shortcodes Ultimate" | < 7.0.0 Search vendor "Getshortcodes" for product "Shortcodes Ultimate" and version " < 7.0.0" | wordpress |
Affected
|