WordPress Authors List Plugin Sensitive Information Exposure Vulnerability

A vulnerability allowing sensitive information exposure has been identified in the Authors List plugin for WordPress, affecting all versions through 2.0.6.1. The issue arises from the Authors_List_Shortcode class, where authenticated attackers with Contributor-level access and above can exploit arbitrary method calls. This exploitation allows the extraction of sensitive user data, including password hashes, email addresses, usernames, and activation keys, through specially crafted shortcode attributes.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user information, including password hashes, which could be used to compromise user accounts.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can use a shortcode that includes specific attributes designed to invoke the 'get_meta' method. This method call will retrieve sensitive user data such as password hashes, email addresses, usernames, and activation keys.

Remediation

No known patch is available for this vulnerability. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.