Medium severity4.3NVD Advisory· Published Nov 22, 2023· Updated Jun 17, 2026
CVE-2023-4686
CVE-2023-4686
Description
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:gowebsolutions:wp_customer_reviews:*:*:*:*:*:wordpress:*:*Range: <=3.6.6
- Range: <=3.6.6
Patches
Vulnerability mechanics
References
3- plugins.trac.wordpress.org/changeset/2965656/wp-customer-reviews/trunknvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/24b9984c-ec33-4492-815b-67a21ac4da0envdThird Party Advisory
- plugins.trac.wordpress.org/browser/wp-customer-reviews/trunk/include/admin/wp-customer-reviews-3-admin.phpnvdProduct
News mentions
0No linked articles in our index yet.