CVE-2023-4917: 
WordPress vulnerability analysis and mitigation

The Leyka WordPress plugin contains a Sensitive Information Exposure vulnerability (CVE-2023-4917) affecting versions up to and including 3.30.3. The vulnerability was discovered in the 'leykaajaxgetenvand_options' function and was publicly disclosed on September 12, 2023. This security issue affects the Leyka plugin, which is a WordPress extension (NVD CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) by NIST and 5.3 (Medium) by Wordfence. The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating that it requires network access and low privileges to exploit, with no user interaction needed. The impact primarily affects confidentiality, with no impact on integrity or availability (NVD CVE).

When exploited, this vulnerability allows authenticated attackers with subscriber-level permissions or higher to extract sensitive data from the system. The exposed sensitive information includes Sberbank API key and password, PayPal Client Secret, and various other keys and passwords (CVE Mitre).

Users should upgrade their Leyka plugin to a version newer than 3.30.3 to mitigate this vulnerability (NVD CVE).