Medium severity4.3NVD Advisory· Published Nov 28, 2023· Updated Apr 8, 2026
CVE-2023-6226
CVE-2023-6226
Description
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:getshortcodes:shortcodes_ultimate:*:*:*:*:*:wordpress:*:*Range: <7.0.0
- Range: <=5.13.3
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.