CVE-2023-6289

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
swtepluginsswift_performance
𝑥
< 2.3.6.15
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/8c83dd57-9291-4dfc-846d-5ad47534e2ad
https://wpscan.com/vulnerability/8c83dd57-9291-4dfc-846d-5ad47534e2ad