WordPress Plugin Vulnerabilities
Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access
Description
The plugin does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database.
Proof of Concept
1. ADMIN: Install Kadence Blocks Pro 2. CONTRIBUTOR: Add shortcode to any post and specify/guess the option name and save 3. CONTRIBUTOR: Preview the post and see option you shouldn't have access to Example shortcode: `[kb-dynamic para="kb_custom_input" custom="active_plugins" field="site|custom_setting"]`
Affects Plugins
References
CVE
Classification
Type
ACCESS CONTROLS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Scott Kingsley Clark
Submitter
Scott Kingsley Clark
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-06-06 (about 25 days ago)
Added
2024-06-06 (about 25 days ago)
Last Updated
2024-06-06 (about 25 days ago)