Vulnerability Description
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gowebsolutions | Wp Customer Reviews | <= 3.6.6 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/wp-customer-reviews/trunk/include/admProduct
- https://plugins.trac.wordpress.org/changeset/2965656/wp-customer-reviews/trunk?cPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9984c-ec33-4492-815Third Party Advisory
- https://plugins.trac.wordpress.org/browser/wp-customer-reviews/trunk/include/admProduct
- https://plugins.trac.wordpress.org/changeset/2965656/wp-customer-reviews/trunk?cPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9984c-ec33-4492-815Third Party Advisory
FAQ
What is CVE-2023-4686?
CVE-2023-4686 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated a...
How severe is CVE-2023-4686?
CVE-2023-4686 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4686?
Check the references section above for vendor advisories and patch information. Affected products include: Gowebsolutions Wp Customer Reviews.