CVE-2023-51490
WordPress Defender Security Plugin <= 4.1.0 is vulnerable to Sensitive Data Exposure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.
Exposición de información confidencial a una vulnerabilidad de actor no autorizado en WPMU DEV Defender Security: análisis de malware, seguridad de inicio de sesión y firewall. Este problema afecta a Defender Security: análisis de malware, seguridad de inicio de sesión y firewall: desde n/a hasta 4.1.0.
The Defender Security – Malware Scanner, Login Security & Firewall plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.1.0 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including system and plugin information.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-12-20 CVE Reserved
- 2023-12-27 CVE Published
- 2024-08-02 CVE Updated
- 2025-01-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wpmudev Search vendor "Wpmudev" | Defender Security Search vendor "Wpmudev" for product "Defender Security" | <= 4.1.0 Search vendor "Wpmudev" for product "Defender Security" and version " <= 4.1.0" | wordpress |
Affected
| ||||||