4 matches found
CVE-2023-4686
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...
CVE-2023-4686 WP Customer Reviews <= 3.6.6 - Authenticated (Subscriber+) Sensitive Information Exposure
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...
CVE-2023-4686
CVE-2023-4686 affects the WordPress WP Customer Reviews plugin up to and including version 3.6.6. The vulnerability, exposed by the ajax_enabled_posts function, allows authenticated users to retrieve sensitive data (post titles and slugs) including protected/trashed posts and other post types (e....
WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure
Software WP Customer Reviews Type Plugin Vulnerable versions = 3.6.6 Fixed in 3.6.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-4686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07af2f4a4fb5 Credits Marco Wotschka Required...