CVE-2023-6289

Name of the Vulnerable Software and Affected Versions Swift Performance Lite versions prior to 2.3.6.15

Description The issue is related to the insufficient authorization procedure in the admin init() function of the Swift Performance Lite WordPress plugin. This may allow a remote attacker to gain unauthorized access to protected information. The plugin's settings, which can include sensitive information such as Cloudflare API tokens, can be exported by users.

Recommendations For versions prior to 2.3.6.15, update to version 2.3.6.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings export functionality to minimize the risk of exploitation.