exploitDog

CVE-2023-2623

Опубликовано: 27 июн. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users

Ссылки

https://wpscan.com/vulnerability/85cc39b1-416f-4d23-84c1-fdcbffb0dda0
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/85cc39b1-416f-4d23-84c1-fdcbffb0dda0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iqonic:kivicare:*:*:*:*:*:wordpress:*:*

Версия до 3.2.1 (исключая)

EPSS

Процентиль: 51%

0.00276

Низкий

6.5 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-c75r-2gqr-7xhr

CVSS3: 6.5

github

больше 2 лет назад

The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users

EPSS

Процентиль: 51%

0.00276

Низкий

6.5 Medium

CVSS3

Дефекты