WordPress Plugin Vulnerabilities

Image Source Control < 2.17.1 - Sensitive Information Exposure via Log File

Description

The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.0 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including system and plugin configuration..

Affects Plugins

Plugin icon
image-source-control-isc
Fixed in 2.17.1

References

CVE
CVE-2023-52187
URL
https://patchstack.com/database/vulnerability/image-source-control-isc/wordpress-image-source-control-lite-plugin-2-17-0-sensitive-data-exposure-via-log-file-vulnerability

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Joshua Chan
Verified
No
WPVDB ID
a507b2bd-6466-4bba-bd96-401f959f72ce

Timeline

Publicly Published
2023-12-29 (about 2 years ago)
Added
2024-01-05 (about 2 years ago)
Last Updated
2024-01-05 (about 2 years ago)

Other

Published
Title
Published
2025-06-10
Title
WP-DownloadManager < 1.68.11 - Authenticated (Administrator+) Arbitrary File Read
Published
2025-09-22
Title
Envíos Coordinadora Woocommerce <= 1.1.32 - Unauthenticated Sensitive Information Exposure
Published
2024-08-01
Title
Forminator < 1.29.2 - HubSpot Developer API Key Sensitive Information Exposure
Published
2026-02-02
Title
Spectra Gutenberg Blocks < 2.19.18 - Unauthenticated Information Disclosure in Sensitive Data
Published
2023-09-11
Title
WooCommerce < 7.9.0 - Sensitive Information Exposure