CVE-2023-47668: 
WordPress vulnerability analysis and mitigation

The Membership Plugin – Restrict Content plugin for WordPress contains a Sensitive Information Exposure vulnerability (CVE-2023-47668) affecting all versions up to and including 3.2.7. The vulnerability was discovered on November 6, 2023, and was fixed in version 3.2.8 (Patchstack, WPScan).

The vulnerability is related to a legacy log file that could expose sensitive information including debug data to unauthenticated attackers. It has been assigned a CVSS v3.1 score of 5.3 (Medium) by Patchstack and 7.5 (High) by NVD, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified as CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (Patchstack).

This vulnerability could allow unauthenticated attackers to access and extract sensitive data, including debug information that is normally not accessible to regular users. This exposed information could potentially be used to exploit other weaknesses in the system (Patchstack).

Users are advised to update to version 3.2.8 or later of the Restrict Content plugin to resolve this vulnerability. For Patchstack users, virtual patching is available to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack).