Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access
Vulnerability Description
The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
WordPress 插件安全漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 的Page/Post Content Shortcode 插件 1.0及之前版本存在安全漏洞,该漏洞源于未适当的授权。攻击者可利用该漏洞访问不应允许访问的草稿/私人/密码保护/垃圾帖子/页面,包括管理员和编辑等其他用户创建的帖子。
CVSS Information
N/A
Vulnerability Type
N/A