WordPress Plugin Vulnerabilities

DoLogin Security < 3.7.1 - Subscriber+ IP Address leak

Description

The plugin does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.

Proof of Concept

Affects Plugins

Plugin icon
dologin
Fixed in 3.7.1

References

CVE
CVE-2023-4800

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Bartlomiej Marek and Tomasz Swiadek
Submitter
Bartlomiej Marek
Verified
Yes
WPVDB ID
7eae1434-8c7a-4291-912d-a4a07b73ee56

Timeline

Publicly Published
2023-09-21 (about 2 years ago)
Added
2023-09-21 (about 2 years ago)
Last Updated
2023-09-21 (about 2 years ago)

Other

Published
Title
Published
2024-06-28
Title
Advanced File Manager < 5.2.5 - Sensitive Information Exposure via Directory Listing
Published
2024-05-06
Title
GDPR Compliance <= 1.2.5 - Authenticated (Subscriber+) Information Exposure
Published
2025-10-20
Title
ACF to REST API <= 3.3.4 - Unauthenticated Information Exposure
Published
2025-08-14
Title
B Slider - Gutenberg Slider Block for WP < 2.0.1 - Authenticated (Subscriber+) Sensitive Information Exposure
Published
2024-10-21
Title
News Kit Elementor Addons < 1.2.2 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template