CVE-2023-4668

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-862
View all →

Vulnerability Description

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths.

Related Vulnerabilities

CVE-2015-20067

HIGH
CVSS:7.5(High)

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on ...

CWE-8622015

CVE-2017-1002006

HIGH
CVSS:7.5(High)

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.

CWE-8622017

CVE-2017-1002007

HIGH
CVSS:7.5(High)

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.

CWE-8622017

CVE-2017-10846

HIGH
CVSS:7.5(High)

Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.

CWE-8622017

CVE-2017-11135

HIGH
CVSS:7.5(High)

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore,...

CWE-8622017

CVE-2017-18666

HIGH
CVSS:7.5(High)

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Applications can send arbitrary premium SMS messages. The Samsung ID is SVE-2017-8701 (June 201...

CWE-8622017