CVE-2023-51406: 
WordPress vulnerability analysis and mitigation

A sensitive information exposure vulnerability was identified in Ninja Team's FastDup – Fastest WordPress Migration & Duplicator plugin, affecting versions up to and including 2.1.7. The vulnerability was discovered by Joshua Chan and was assigned CVE-2023-51406 on December 18, 2023 (Patchstack).

The vulnerability is classified as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200). It received varying CVSS scores, with NIST assigning a HIGH severity score of 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) while Patchstack assessed it as MEDIUM severity with a score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) (NVD).

The vulnerability could allow malicious actors to access sensitive information that is normally restricted from regular users. This exposed information could potentially be leveraged to exploit other weaknesses in the system (Patchstack).

The vulnerability has been patched in version 2.1.8 of the FastDup plugin. Users are advised to update to version 2.1.8 or later to remediate this security issue. The vulnerability is considered to have a low severity impact and is unlikely to be exploited (Patchstack).