CVE-2023-6289

MEDIUM

Swift Performance Lite <2.3.6.15 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-6289. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary This PoC demonstrates an unauthenticated settings export vulnerability in Swift Performance Lite WordPress plugin <= 2.3.6.14. The exploit leverages a missing capability check to export plugin settings, potentially exposing sensitive data like Cloudflare API tokens.

Description

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.

Exploits (1)

nomisec WORKING POC

by RandomRobbieBF · poc

https://github.com/RandomRobbieBF/CVE-2023-6289

View Code ZIP pw:eip

This PoC demonstrates an unauthenticated settings export vulnerability in Swift Performance Lite WordPress plugin <= 2.3.6.14. The exploit leverages a missing capability check to export plugin settings, potentially exposing sensitive data like Cloudflare API tokens.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Swift Performance Lite WordPress plugin <= 2.3.6.14

No auth needed

Prerequisites: WordPress site with Swift Performance Lite plugin <= 2.3.6.14 installed

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/8c83dd57-9291-4dfc-846d-5ad47534e2ad

Scores

CVSS v3 4.3

EPSS 0.0092

EPSS Percentile 55.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

Status published

Products (1)

swteplugins/swift_performance < 2.3.6.15

Published Dec 18, 2023

Tracked Since Feb 18, 2026