b0marek / CVE-2023-4800

Repository for CVE-2023-4800 vulnerability.

CVE ID: CVE-2023-4800

Vulnerability Type: Sensitive Data Exposure

Description: The DoLogin Security plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dashboard widget in versions up to, and including, 3.7. This makes it possible for authenticated attackers to view the login attempts log.

Steps to reproduce: Enable the plugin and navigate to the dashboard as an authorized user.

Reference:

  1. https://wpscan.com/vulnerability/7eae1434-8c7a-4291-912d-a4a07b73ee56
  2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4800
  3. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/dologin/dologin-security-37-missing-authorization-on-dashboard-widget
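
The missing capability check described above, shown as a generic WordPress dashboard-widget pattern beside its hardened form. This is an added example, not the DoLogin Security source or this repository's code; the function names, the table name and the `manage_options` capability are assumptions.

```php
<?php
/**
 * Plugin Name: Example Login Log Widget (constructed for illustration)
 *
 * All function names, the table name and the chosen capability are
 * hypothetical; this is not the DoLogin Security source code.
 */

// Vulnerable pattern (left unhooked here): the widget is registered for every
// account that can load /wp-admin/, so any logged-in role sees the log.
function example_register_widget_unchecked() {
	wp_add_dashboard_widget( 'example_login_log', 'Login Attempts', 'example_render_login_log' );
}

// Hardened pattern: register the widget only for users holding the capability.
function example_register_widget_checked() {
	if ( ! current_user_can( 'manage_options' ) ) { // assumption: admin-only data
		return;
	}
	wp_add_dashboard_widget( 'example_login_log', 'Login Attempts', 'example_render_login_log' );
}
add_action( 'wp_dashboard_setup', 'example_register_widget_checked' );

// Render callback: repeat the check so the data stays protected even if the
// callback is ever reached through another code path.
function example_render_login_log() {
	if ( ! current_user_can( 'manage_options' ) ) {
		return;
	}
	global $wpdb;
	$table = $wpdb->prefix . 'example_login_log'; // hypothetical table
	$rows  = $wpdb->get_results( "SELECT username, ip, attempted_at FROM {$table} ORDER BY attempted_at DESC LIMIT 10" );

	echo '<ul>';
	foreach ( $rows as $row ) {
		printf(
			'<li>%s from %s at %s</li>',
			esc_html( $row->username ),
			esc_html( $row->ip ),
			esc_html( $row->attempted_at )
		);
	}
	echo '</ul>';
}
```

When reviewing other plugins for the same class of bug, look for `wp_dashboard_setup` callbacks that call `wp_add_dashboard_widget()` with no `current_user_can()` check in either the registration function or the render callback.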
