CVE-2023-3601

CVSS 3.1 Score 7.4 of 10 (high)

Details

Published Aug 14, 2023

Updated: Nov 7, 2023

CWE ID 73

Summary

CVE-2023-3601 is a vulnerability affecting the Simple Author Box plugin for WordPress before version 2.52. This issue permits users with a Contributor role to disclose arbitrary user information due to the plugin's failure to validate user IDs before displaying related information. This oversight could potentially expose sensitive data, compromising the security of WordPress sites using the vulnerable plugin. Users are advised to update the plugin to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tyBY1d
https://www.cve.org/CVERecord?id=CVE-2023-3601
https://nvd.nist.gov/vuln/detail/CVE-2023-3601

Back to Vulnerability Database

CVE-2023-3601

CVSS 3.1 Score 7.4 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations