CVE-2023-6226

The WP Shortcodes Plugin  Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
WordfenceCNA
4.3 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
getshortcodesshortcodes_ultimate
𝑥
< 7.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/meta.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/4d936a48-b300-4a41-8d28-ba34cb3c5cb7?source=cve
https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/meta.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/4d936a48-b300-4a41-8d28-ba34cb3c5cb7?source=cve