CVE-2023-6922

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 28, 2024

Summary

CVE-2023-6922 is a vulnerability affecting the Under Construction / Maintenance Mode feature in the Acurax plugin for WordPress. This issue, present in versions 2.6 and below, exposes sensitive information through the 'acx_csma_subscribe_ajax' function. Authenticated attackers can exploit this flaw to obtain names and email addresses of subscribed visitors. This vulnerability can potentially lead to privacy violations and should be addressed by plugin users by upgrading to the latest version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t2J_Jn
https://www.cve.org/CVERecord?id=CVE-2023-6922
https://nvd.nist.gov/vuln/detail/CVE-2023-6922

Back to Vulnerability Database

CVE-2023-6922

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations