CVE-2023-6289
Description
The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.
NVD
Severity: MEDIUM
CVE ID: CVE-2023-6289
CVSS Score: 4.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Proof Of Concept
RandomRobbieBF
Swift Performance Lite <= 2.3.6.14 - Missing Authorization to Unauthenticated Settings Export
Refrence: GitHub