QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24824

Published: Mar 7, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved

Vendor	Product	Versions
Unknown	Custom Content Shortcode	affected `4.0.1 - < 4.0.1`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/7b4d4675-6089-4435-9b56-31496adc4767

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.