How severe is CVE-2023-2916?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-2916?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2023-2916 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.

Related Vulnerabilities

CVE-2016-11006

MEDIUM

CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.

CWE-6682016

CVE-2016-11007

MEDIUM

CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

CWE-6682016

CVE-2016-11008

MEDIUM

CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.

CWE-6682016

CVE-2016-11009

MEDIUM

CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.

CWE-6682016

CVE-2016-11010

MEDIUM

CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.

CWE-6682016

CVE-2016-5334

MEDIUM

CVSS:5.3(Medium)

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

CWE-6682016