Vulnerability Description
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acurax | Under Construction \/ Maintenance Mode | <= 2.6 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/coming-soon-maintenance-mode-from-acuProduct
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-982Third Party Advisory
- https://plugins.trac.wordpress.org/browser/coming-soon-maintenance-mode-from-acuProduct
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-982Third Party Advisory
FAQ
What is CVE-2023-6922?
CVE-2023-6922 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' funct...
How severe is CVE-2023-6922?
CVE-2023-6922 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6922?
Check the references section above for vendor advisories and patch information. Affected products include: Acurax Under Construction \/ Maintenance Mode.