CVE-2023-6289

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
swtepluginsswift_performance
𝑥
< 2.3.6.15
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/8c83dd57-9291-4dfc-846d-5ad47534e2ad
https://wpscan.com/vulnerability/8c83dd57-9291-4dfc-846d-5ad47534e2ad