4 matches found
CVE-2023-6289
The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens...
CVE-2023-6289 Swift Performance Lite <= 2.3.6.14 - Unauthenticated Configuration Export
The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens...
CVE-2023-6289
CVE-2023-6289 affects the WordPress plugin Swift Performance Lite up to version 2.3.6.14. Root cause: missing authorization check on an admin-ajax exported function (luv-action export) via admin_init, allowing unauthenticated retrieval of plugin settings that may include Cloudflare API tokens. Im...
WordPress Swift Performance Lite Plugin <= 2.3.6.14 is vulnerable to Broken Access Control
Software Swift Performance Lite Type Plugin Vulnerable versions = 2.3.6.14 Fixed in 2.3.6.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6289 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4c96690d3565 Credits Krzysztof Zając...