Medium severity4.3NVD Advisory· Published Mar 7, 2022· Updated Jun 17, 2026
CVE-2021-24824
CVE-2021-24824
Description
The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Custom Content Shortcode WordPress plugindescription
- Range: <4.0.1
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/7b4d4675-6089-4435-9b56-31496adc4767nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.