CVE-2023-2623 Information

Description

The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users

Reference

https://wpscan.com/vulnerability/85cc39b1-416f-4d23-84c1-fdcbffb0dda0