CVE-2023-4800

MEDIUM

DoLogin Security WP <3.7.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-4800. PoCs published by b0marek.

AI-analyzed exploit summary: This repository provides a detailed description of CVE-2023-4800, a missing authorization vulnerability in the DoLogin Security WordPress plugin. It explains the vulnerability type, affected versions, and references external sources for further details.

Description

The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.

Exploits (1)

nomisec WRITEUP
by b0marek · poc
https://github.com/b0marek/CVE-2023-4800


Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: DoLogin Security WordPress plugin (versions up to and including 3.7)
Auth required
Prerequisites: Authenticated access to WordPress dashboard
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
https://wpscan.com/vulnerability/7eae1434-8c7a-4291-912d-a4a07b73ee56 (Third Party Advisory, exploit, vdb-entry, technical-description)

Scores

CVSS v3 6.5
EPSS 0.0086
EPSS Percentile 53.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

Status published
Products (1)
wpdo/dologin_security < 3.7.1
Published Oct 16, 2023
Tracked Since Feb 18, 2026