CVE-2023-6289

MEDIUM

Swift Performance Lite <2.3.6.15 - Info Disclosure

Title source: llm

Description

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.

Exploits (1)

nomisec WORKING POC

by RandomRobbieBF · poc

https://github.com/RandomRobbieBF/CVE-2023-6289

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/8c83dd57-9291-4dfc-846d-5ad47534e2ad

Scores

CVSS v3 4.3

EPSS 0.0290

EPSS Percentile 86.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

Status published

Affected Products (1)

swteplugins/swift_performance < 2.3.6.15

Timeline

Published Dec 18, 2023

Tracked Since Feb 18, 2026