CVE-2023-2623

The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
iqonickivicare
𝑥
< 3.2.1
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/85cc39b1-416f-4d23-84c1-fdcbffb0dda0
https://wpscan.com/vulnerability/85cc39b1-416f-4d23-84c1-fdcbffb0dda0