CVE-2023-3601

Name of the Vulnerable Software and Affected Versions The Simple Author Box WordPress plugin versions prior to 2.52

Description The issue is related to the disclosure of arbitrary user information due to a lack of verification of the user ID before outputting information about that user. This can be exploited by users with a role as low as Contributor.

Recommendations For versions prior to 2.52, update to version 2.52 or later to resolve the issue. As a temporary workaround, consider restricting access to user information for users with low roles, such as Contributor, until the update is applied.