WordPress Plugin Vulnerabilities

SearchIQ < 4.5 - Unauthenticated Sensitive Information Disclosure

Description

The plugin is vulnerable to unauthorized access of data due to a missing capability check on the getSIQPluginSettings function, allowing unauthenticated attackers to view information such as the plugin settings, theme, and WordPress and PHP version.

Affects Plugins

Plugin icon
searchiq
Fixed in 4.5

References

CVE
CVE-2023-47832
URL
https://patchstack.com/database/vulnerability/searchiq/wordpress-searchiq-plugin-4-4-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
2ffdffec-8ca3-4c2f-b4f9-3df8c4485743

Timeline

Publicly Published
2023-11-16 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-03-14 (about 2 years ago)

Other

Published
Title
Published
2025-06-19
Title
Enhanced Blocks – Page Builder Blocks for Gutenberg <= 1.4.1 - Missing Authorization
Published
2025-03-27
Title
Live Forms < 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update
Published
2025-02-14
Title
Team – Team Members Showcase Plugin < 5.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update
Published
2023-11-21
Title
UserPro < 5.1.5 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template
Published
2026-01-23
Title
LeadConnector < 3.0.22 - Missing Authorization