CVE-2023-3601

Published: Aug 14, 2023Modified: May 5, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor.

Affected (1)

Products: Webfactoryltd: Simple Author Box

Webfactoryltd

1 product

Simple Author Box

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Webfactoryltd Simple Author Box	Before 2.52

References (2)

https://wpscan.com/vulnerability/c0cc513e-c306-4920-9afb-e33d95a7292f

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/c0cc513e-c306-4920-9afb-e33d95a7292f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.