The plugin registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes
As a contributor, put the following shortcode in a post/page [otheruserinfo login="admin" field="user_pass"][/otheruserinfo]
Francesco Carlucci
Francesco Carlucci
Yes
2021-11-15 (about 6 months ago)
2021-11-15 (about 6 months ago)
2022-04-08 (about 1 months ago)