CVE-2023-51408: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2023-51408) affects StudioWombat's WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce, versions up to and including 1.4.3. This security issue involves the exposure of sensitive information to unauthorized actors through the plugin's debug log file (Patchstack).

The vulnerability is classified as CWE-532 (Insertion of Sensitive Information into Log File) with a CVSS v3.1 base score of 7.5 (HIGH) according to NIST, while Patchstack rates it at 5.3 (MEDIUM). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating it can be exploited remotely without requiring privileges or user interaction (NVD).

The vulnerability allows unauthenticated attackers to extract sensitive data, including debug information, from the plugin's log file. This exposure of sensitive information could potentially be used by malicious actors to exploit other weaknesses in the system (WPScan).

The vulnerability has been fixed in version 1.4.4 of the WP Optin Wheel plugin. Users are advised to update to this version or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).