CVE-2023-2623: KiviCare Management System < 3.2.1 - Subscriber+ Sensitive Information Disclosure

Description

The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low-privilege users such as subscribers to retrieve sensitive information such as the email address and hashed password of other users.

Classification

CVE ID: CVE-2023-2623

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Unknown

Product: KiviCare

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 33.25% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (when this score was calculated)

References

https://wpscan.com/vulnerability/85cc39b1-416f-4d23-84c1-fdcbffb0dda0

Timeline