Sensitive Information Exposure in WP Swings Coupon Referral Program
CVE-2023-52190

7.5HIGH

Key Information:

Vendor: WordPress
Status: Coupon Referral Program
Vendor: CVE Published:; 8 January 2024

What is CVE-2023-52190?

A vulnerability exists in the WP Swings Coupon Referral Program that leads to the exposure of sensitive information to unauthorized actors. This issue affects all versions of the Coupon Referral Program up to 1.7.2, allowing attackers to potentially access personally identifiable information (PII) and other sensitive coupon data without proper authentication. Organizations using this plugin should urgently apply the necessary updates to mitigate risks associated with this vulnerability and safeguard user data from unauthorized access.

Affected Version(s)

Coupon Referral Program <= 1.7.2

References

https://patchstack.com/database/vulnerability/coupon-refe...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2024

WordPress

What is CVE-2023-52190?

Affected Version(s)

References

CVSS V3.1

Timeline