Sensitive Information Exposure in WP Simple Shopping Cart Plugin
CVE-2023-1431

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: WordPress Simple Shopping Cart
Vendor: CVE Published:; 16 March 2023

What is CVE-2023-1431?

The WP Simple Shopping Cart plugin for WordPress has a vulnerability that allows unauthenticated attackers to access sensitive shopping cart data stored in a publicly accessible directory. This exposure affects versions up to 4.6.3 and could lead to unauthorized disclosure of personal information such as names, email addresses, and IP addresses, which are meant to be kept confidential within the administrative interface.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WordPress Simple Shopping Cart 4.6.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Mar 16, 2023

Credit

Ayoub Safa

JSON

WordPress

What is CVE-2023-1431?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.