CVE-2023-5713

Name of the Vulnerable Software and Affected Versions System Dashboard plugin for WordPress versions up to, and including, 2.8.7

Description The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd option value() function hooked via an AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values.

Recommendations For versions up to, and including, 2.8.7, update to a version higher than 2.8.7 to resolve the issue. As a temporary workaround, consider disabling the sd option value() function until a patch is available. Restrict access to the AJAX action that hooks the sd option value() function to minimize the risk of exploitation.