Lucene search
HistoryOct 16, 2023 - 8:15 p.m.
CVE-2023-4800
dologin security
wordpress
unauthorized access
failed logins
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
21.4%
The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.
Affected configurations
Node
wpdodologin_securityRange<3.7.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpdo | dologin_security | * | cpe:2.3:a:wpdo:dologin_security:*:*:*:*:*:wordpress:*:* |
Related
cve
cve
CVE-2023-4800
2023-10-16 20:15:16
cvelist
cvelist
CVE-2023-4800 DoLogin Security < 3.7.1 - Subscriber+ IP Address leak
2023-10-16 19:39:19
wpexploit
wpexploit
DoLogin Security < 3.7.1 - Subscriber+ IP Address leak
2023-09-21 00:00:00
wpvulndb
wpvulndb
DoLogin Security < 3.7.1 - Subscriber+ IP Address leak
2023-09-21 00:00:00
prion
prion
Code injection
2023-10-16 20:15:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
21.4%
Related for NVD:CVE-2023-4800