Lucene search
+L

4 matches found

NVD
NVD
added 2023/06/27 2:15 p.m.26 views

CVE-2023-2623

The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users...

6.5CVSS6.4AI score0.00754EPSS
Exploits2References1
CVE
CVE
added 2023/06/27 1:17 p.m.68 views

CVE-2023-2623

CVE-2023-2623 affects the KiviCare WordPress plugin prior to 3.2.1. The flaw allows low-privilege users (e.g., subscribers) to retrieve other users’ sensitive data (e.g., email, hashed passwords) due to insufficient response data filtering. Root cause: information disclosure through unrestricted ...

6.5CVSS6.4AI score0.00754EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/27 1:17 p.m.14 views

CVE-2023-2623 KiviCare Management System < 3.2.1 - Subscriber+ Sensitive Information Disclosure

The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users...

6.5AI score0.00754EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/06/22 12:0 a.m.11 views

WordPress KiviCare Plugin < 3.2.1 is vulnerable to Sensitive Data Exposure

Software KiviCare Type Plugin Vulnerable versions 3.2.1 Fixed in 3.2.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-2623 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a87f14ff0aad Credits Erwan LR WPScan Required...

6.5CVSS6.4AI score0.00754EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder