CVE-2021-24824
Custom Content Shortcode < 4.0.1 - Unauthorised Arbitrary Post Metadata Access
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
07 Mar 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved
Affected products
Unknown · Custom Content ShortcodeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →