Unauthorized Access Vulnerability in System Dashboard Plugin for WordPress
CVE-2023-5711

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: System Dashboard
Vendor: CVE Published:; 7 December 2023

What is CVE-2023-5711?

The System Dashboard plugin for WordPress contains a security vulnerability that allows authenticated users with subscriber-level access or higher to exploit a missing capability check in the sd_php_info() function. This flaw, present in all versions up to 2.8.7, exposes sensitive information from PHP info, potentially leading to unauthorized data disclosure. Administrators are advised to ensure they are running the latest version and apply security best practices to mitigate risks.

Affected Version(s)

System Dashboard * <= 2.8.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/system-dashboa...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Oct 23, 2023

Credit

Dmitrii Ignatyev