Unrated severityNVD Advisory· Published Aug 14, 2023· Updated May 5, 2025

Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR

CVE-2023-3601

Description

The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Simple Author Boxdescription
WordPress/Simple Author Boxllm-create
Range: <2.52

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/c0cc513e-c306-4920-9afb-e33d95a7292fmitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000