CVE-2023-5714

Name of the Vulnerable Software and Affected Versions System Dashboard plugin for WordPress versions up to, and including, 2.8.7

Description The issue allows unauthorized access of data due to a missing capability check on the sd db specs() function hooked via an AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs.

Recommendations For versions up to, and including, 2.8.7, update to a version higher than 2.8.7 to resolve the issue. As a temporary workaround, consider disabling the sd db specs() function until a patch is available.