CVE-2023-49762: 
WordPress vulnerability analysis and mitigation

A sensitive data exposure vulnerability was identified in the WordPress plugin AppMySite – Create an app with the Best Mobile App Builder, affecting versions up to 3.11.0. The vulnerability was discovered by researcher Mika and was assigned CVE-2023-49762 on December 4, 2023 (Patchstack).

The vulnerability is classified as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200). It received a CVSS v3.1 base score of 7.5 (HIGH) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, while Patchstack assigned a CVSS score of 5.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability can be exploited without authentication (NVD).

This vulnerability could allow malicious actors to access sensitive information that is normally restricted from regular users. This exposed data could potentially be leveraged to exploit other weaknesses in the system (Patchstack).

The vulnerability has been fixed in version 3.11.1 of the plugin. Users are advised to update to version 3.11.1 or later to remediate this security issue. Patchstack has also issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).