CVE-2023-4800

Name of the Vulnerable Software and Affected Versions DoLogin Security WordPress plugin versions prior to 3.7.1

Description The issue concerns the DoLogin Security WordPress plugin, which does not restrict access to a widget showing IPs of failed logins to low-privileged users. This could potentially allow unauthorized access to sensitive information.

Recommendations For versions prior to 3.7.1, update to version 3.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the widget that displays failed login IPs to high-privileged users only.