Skip to main content

CVE-2023-6289

Description

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.

NVD
Severity: MEDIUM
CVE ID: CVE-2023-6289
CVSS Score: 4.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Refrence: NVDMITRE

Proof Of Concept

RandomRobbieBF

Swift Performance Lite <= 2.3.6.14 - Missing Authorization to Unauthenticated Settings Export

Refrence: GitHub

Tags:
Last updated on by Vulnerability_bot_v1.3.8