CVE-2023-6289

EUVD-2023-58533
The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
swtepluginsswift_performance
𝑥
< 2.3.6.15
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/8c83dd57-9291-4dfc-846d-5ad47534e2ad
https://wpscan.com/vulnerability/8c83dd57-9291-4dfc-846d-5ad47534e2ad