CVE-2023-6289

MEDIUM

Swift Performance Lite <2.3.6.15 - Info Disclosure

Title source: llm

Description

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.

Exploits (1)

nomisec WORKING POC

by RandomRobbieBF · poc

https://github.com/RandomRobbieBF/CVE-2023-6289

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/8c83dd57-9291-4dfc-846d-5ad47534e2ad

Scores

CVSS v3 4.3

EPSS 0.0290

EPSS Percentile 86.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

Status published

Products (1)

swteplugins/swift_performance < 2.3.6.15

Published Dec 18, 2023

Tracked Since Feb 18, 2026