CVE-2023-4686
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries.
We have discovered 587 live websites that are affected by CVE-2023-4686.
Affected Software
| Product |  WP Customer Reviews |
| Category | Wordpress Plugins |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 46 |
| Vulnerable Domains | 587 live websites (59.65% of WP Customer Reviews install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-4686 and the relative popularity of websitesDetails
- Published - Nov 22, 2023
- Updated - Nov 22, 2023
Credits
- Marco Wotschka (finder)
CVE References
CWE References
Countries
 United States | 282 websites |
 GB | 49 websites |
 Russia | 42 websites |
 Japan | 41 websites |
 Germany | 26 websites |
 France | 26 websites |
 Netherlands | 17 websites |
 Italy | 11 websites |
 Australia | 10 websites |
 Canada | 9 websites |
TLDs
| .com | 339 websites |
| .ru | 37 websites |
| .co.uk | 34 websites |
| .org | 25 websites |
| .net | 20 websites |
| .nl | 14 websites |
| .jp | 11 websites |
| .fr | 11 websites |
| .de | 9 websites |
| .it | 8 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-4686 through included software libraries and plugins.References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9984c-ec33-4492-815b-67a21ac4da0e?source=cve
- https://plugins.trac.wordpress.org/browser/wp-customer-reviews/trunk/include/admin/wp-customer-reviews-3-admin.php?rev=2617376#L866
- https://plugins.trac.wordpress.org/changeset/2965656/wp-customer-reviews/trunk?contextall=1&old=2882143&old_path=%2Fwp-customer-reviews%2Ftrunk
Websites affected by CVE-2023-4686
Top websites that are affected by CVE-2023-4686. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********************.com | United States | **,*** | |
| ***.**********************.com | United States | ***,*** | |
| ***.******************.com | United States | ***,*** | |
| ******.com | United States | ***,*** | |
| ******.nl | Netherlands | ***,*** | |
| ***.************.com | Germany | ***,*** | |
| **************.org | United States | ***,*** | |
| ******************.com | Japan | ***,*** | |
| **********.de | Germany | ***,*** | |
| ****************.com | United States | ***,*** |