4 matches found
CVE-2023-2623
The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users...
CVE-2023-2623
CVE-2023-2623 affects the KiviCare WordPress plugin prior to 3.2.1. The flaw allows low-privilege users (e.g., subscribers) to retrieve other users’ sensitive data (e.g., email, hashed passwords) due to insufficient response data filtering. Root cause: information disclosure through unrestricted ...
CVE-2023-2623 KiviCare Management System < 3.2.1 - Subscriber+ Sensitive Information Disclosure
The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users...
WordPress KiviCare Plugin < 3.2.1 is vulnerable to Sensitive Data Exposure
Software KiviCare Type Plugin Vulnerable versions 3.2.1 Fixed in 3.2.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-2623 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a87f14ff0aad Credits Erwan LR WPScan Required...