CVE-2023-44150
WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Sensitive Data Exposure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2.
Exposición de información confidencial a una vulnerabilidad de actor no autorizado en el complemento de membresía paga del equipo de membresía de ProfilePress, comercio electrónico, formulario de registro, formulario de inicio de sesión, perfil de usuario y contenido restringido: ProfilePress. Este problema afecta el complemento de membresía paga, el comercio electrónico, el formulario de registro, el formulario de inicio de sesión y el perfil de usuario. & Restringir contenido – ProfilePress: desde n/a hasta 4.13.2.
The ProfilePress plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.13.2 via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. CVE-2023-50882 appears to be a potential duplicate of this issue.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-09-26 CVE Reserved
- 2023-10-02 CVE Published
- 2024-08-02 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-2-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Properfraction Search vendor "Properfraction" | Profilepress Search vendor "Properfraction" for product "Profilepress" | < 4.13.3 Search vendor "Properfraction" for product "Profilepress" and version " < 4.13.3" | wordpress |
Affected
|