Unauthorized Access Vulnerability in System Dashboard Plugin for WordPress
CVE-2023-5711
4.3MEDIUM
Summary
The System Dashboard plugin for WordPress contains a security vulnerability that allows authenticated users with subscriber-level access or higher to exploit a missing capability check in the sd_php_info() function. This flaw, present in all versions up to 2.8.7, exposes sensitive information from PHP info, potentially leading to unauthorized data disclosure. Administrators are advised to ensure they are running the latest version and apply security best practices to mitigate risks.
Affected Version(s)
System Dashboard * <= 2.8.7
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dmitrii Ignatyev