PT-2021-16340 · WordPress · User Meta Shortcodes

Francesco Carlucci · Published 2021-12-13 · Updated 2021-12-16 · CVE-2021-24859

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: User Meta Shortcodes WordPress plugin versions 0.5 and earlier
Description: The issue allows any user with a role as low as contributor to access other users' metadata by specifying the user login as a shortcode parameter, exposing the WordPress instance to data exfiltration, including password hashes.
Recommendations: For versions 0.5 and earlier, consider disabling the shortcode that allows access to user metadata until a patch is available. Restrict access to the user login parameter in the affected shortcode to minimize the risk of exploitation. As a temporary workaround, limit the role of users who can access the shortcode to higher roles than contributor.
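The following shortcode handler illustrates the recommendations above in code; it is an added example, not the plugin's own code, and the shortcode name `user_meta_guarded`, its attribute names and the denylist contents are assumptions. It ties authorization to the account that authored the post (shortcodes run at render time, so checking the viewer alone is not enough), refuses the user-login parameter unless that author already holds `edit_users`, and never renders protected or sensitive meta keys.

```php
<?php
// Added example, not the User Meta Shortcodes plugin's code. The shortcode name,
// attribute names and denylist below are hypothetical.

// Meta keys never rendered, whatever the author's role. Keys with a leading
// underscore are already caught by is_protected_meta(); these look public but are not.
const UMS_EXAMPLE_DENYLIST = array( 'session_tokens', 'wp_capabilities', 'wp_user_level' );

function ums_example_guarded_shortcode( $atts ) {
    $atts = shortcode_atts( array( 'user' => '', 'key' => '' ), $atts, 'user_meta_guarded' );
    $key  = sanitize_key( $atts['key'] );
    if ( '' === $key || is_protected_meta( $key, 'user' ) || in_array( $key, UMS_EXAMPLE_DENYLIST, true ) ) {
        return '';
    }

    // Shortcodes execute when the post is rendered, so base the decision on the
    // account that wrote the shortcode into the post, not on whoever is viewing it.
    $post = get_post();
    if ( ! $post ) {
        return '';
    }
    $author_id = (int) $post->post_author;
    $target_id = $author_id; // default: an author may only display their own meta

    if ( '' !== $atts['user'] ) {
        // Looking up another account by login is exactly what the advisory describes;
        // permit it only when the author holds edit_users (administrators by default),
        // which keeps contributors and authors out entirely.
        if ( ! user_can( $author_id, 'edit_users' ) ) {
            return '';
        }
        $target = get_user_by( 'login', sanitize_user( $atts['user'] ) );
        if ( ! $target ) {
            return '';
        }
        $target_id = $target->ID;
    }

    $value = get_user_meta( $target_id, $key, true );
    // Only scalar values are rendered, and always HTML-escaped.
    return is_scalar( $value ) ? esc_html( (string) $value ) : '';
}
add_shortcode( 'user_meta_guarded', 'ums_example_guarded_shortcode' );
```

Because the check is on the post author rather than the viewer, a contributor cannot smuggle the lookup into a post and have it executed with an administrator's rights when that administrator previews or publishes it.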

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2021-24859

Affected Products

User Meta Shortcodes