CVE-2023-44982: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2023-44982) affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina) WordPress plugin through version 6.4.5. This security issue was discovered and reported by Joshua Chan, involving sensitive information exposure to unauthorized actors via log file vulnerability (Patchstack).

The vulnerability is classified as a Sensitive Data Exposure issue with a CVSS v3.1 base score of 7.5 (HIGH) according to NIST, while Patchstack rates it at 5.3 (MEDIUM). The vulnerability is tracked under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and involves guessable log file names that could potentially expose sensitive information (NVD, WPScan).

The vulnerability allows unauthenticated attackers to extract sensitive data from the system due to guessable log file names. This could potentially lead to unauthorized access to sensitive information that is normally not available to regular users, which might be leveraged to exploit other weaknesses in the system (Patchstack).

The vulnerability has been fixed in version 6.4.6 of the Perfect Images plugin. Users are advised to update to version 6.4.6 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).