WordPress Plugin Vulnerabilities

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.0 - Insecure Direct Object Reference to Information Disclosure

Description

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin.

Affects Plugins

Plugin icon
shortcodes-ultimate
Fixed in 7.0.0

References

CVE
CVE-2023-6226
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/4d936a48-b300-4a41-8d28-ba34cb3c5cb7

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Verified
No
WPVDB ID
87f9629f-ded5-46c1-b374-c42499f94ae7

Timeline

Publicly Published
2023-11-27 (about 2 years ago)
Added
2023-11-29 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2024-06-18
Title
Replace Image < 1.1.11 - Insecure Direct Object Reference
Published
2024-11-12
Title
BuddyPress Builder for Elementor – BuddyBuilder < 1.8.0 - Contributor+ Post Disclosure
Published
2023-08-07
Title
All Users Messenger <= 1.24 - Subscriber+ Message Deletion via IDOR
Published
2024-02-05
Title
Minimal Coming Soon – Coming Soon Page < 2.38 - Unauthenticated Maintenance Mode Bypass
Published
2025-02-14
Title
RTMKit < 1.6.8 - Authenticated (Contributor+) Insecure Direct Object Reference