4 matches found
CVE-2023-2623
The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users...
CVE-2023-2623 KiviCare Management System < 3.2.1 - Subscriber+ Sensitive Information Disclosure
The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users...
CVE-2023-2623
CVE-2023-2623 affects the KiviCare WordPress plugin prior to 3.2.1. The flaw allows low-privilege users (e.g., subscribers) to retrieve other users’ sensitive data (e.g., email, hashed passwords) due to insufficient response data filtering. Root cause: information disclosure through unrestricted ...
WordPress KiviCare Plugin < 3.2.1 is vulnerable to Sensitive Data Exposure
Software KiviCare Type Plugin Vulnerable versions 3.2.1 Fixed in 3.2.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-2623 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a87f14ff0aad Credits Erwan LR WPScan Required...