PT-2024-15053 · WordPress · Beaver Themer

Francesco Carlucci · Published 2024-04-09 · Updated 2025-05-06 · CVE-2023-6695

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Beaver Themer plugin for WordPress versions up to, and including, 1.4.9

Description

The issue allows authenticated attackers with contributor access and above to extract sensitive data, including arbitrary user meta values, via the 'wpbb' shortcode.

Recommendations

For versions up to, and including, 1.4.9, consider disabling the 'wpbb' shortcode until a patch is available to prevent exploitation. Restrict access to sensitive data and limit contributor access to minimize the risk of sensitive information exposure.
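
To support the recommendation above, the following added example (not part of the advisory or the plugin) audits post content for live 'wpbb' shortcodes written by low-trust accounts. The row layout, the role set, the function name `find_wpbb_usage` and the `EXAMPLE_ARGS` placeholder are assumptions; the advisory does not give the shortcode's argument syntax.

```python
import re

# Matches a [wpbb ...] tag. Group 1 captures a leading "[" that marks a
# WordPress-escaped shortcode ([[wpbb ...]]), which is displayed, not executed.
# The lookahead keeps tags such as [wpbb-other] from matching.
WPBB_TAG = re.compile(r"\[(\[?)wpbb(?![\w-])([^\]]*)\]")

# Assumption: roles below Editor are the less-trusted accounts on this site.
LOW_TRUST_ROLES = {"contributor", "author"}


def find_wpbb_usage(posts, low_trust_roles=LOW_TRUST_ROLES):
    """Return one finding per live wpbb shortcode in content by low-trust authors."""
    findings = []
    for post in posts:
        if post["author_role"] not in low_trust_roles:
            continue
        for match in WPBB_TAG.finditer(post["content"]):
            if match.group(1):  # escaped form, rendered as literal text
                continue
            findings.append({
                "post_id": post["id"],
                "author": post["author"],
                "status": post["status"],  # drafts and pending posts count too
                "shortcode": match.group(0),
            })
    return findings


# Constructed sample rows, shaped like wp_posts joined with the author's role.
SAMPLE_POSTS = [
    {"id": 101, "author": "contrib01", "author_role": "contributor",
     "status": "pending", "content": "Intro [wpbb EXAMPLE_ARGS] outro"},
    {"id": 102, "author": "editor01", "author_role": "editor",
     "status": "publish", "content": "Layout [wpbb EXAMPLE_ARGS]"},
    {"id": 103, "author": "author01", "author_role": "author",
     "status": "draft", "content": "Docs: write [[wpbb EXAMPLE_ARGS]] literally"},
    {"id": 104, "author": "contrib02", "author_role": "contributor",
     "status": "draft", "content": "[wpbb-other x] and [gallery]"},
]

if __name__ == "__main__":
    for finding in find_wpbb_usage(SAMPLE_POSTS):
        print(finding)
```

Each finding is a post to review by hand: check which fields the shortcode references and whether that author should keep contributor-level access.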

Related Identifiers

CVE-2023-6695

Affected Products

Beaver Themer