Ultimate Dashboard Vulnerability Allows Unauthorized Access to Sensitive Information
CVE-2023-49822

3.7LOW

Key Information:

Vendor
WordPress
Status
Ultimate Dashboard
Vendor
CVE Published:
4 June 2024

Summary

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ultimate Dashboard: from n/a through 3.7.10.

Affected Version(s)

Ultimate Dashboard <= 3.7.10

References

https://patchstack.com/database/vulnerability/ultimate-da...
vdb-entry

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Naveen Muthusamy (Patchstack Alliance)
.