CVE-2023-51508: 
WordPress vulnerability analysis and mitigation

The Database Cleaner: Clean, Optimize & Repair plugin for WordPress contains a Sensitive Information Exposure vulnerability (CVE-2023-51508) affecting all versions up to and including 0.9.8. The vulnerability was discovered by Joshua Chan and was publicly disclosed on December 27, 2023 (WPScan, Patchstack).

The vulnerability is classified as CWE-532 (Insertion of Sensitive Information into Log File) and has received varying CVSS scores: a High severity score of 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) from NIST and a Medium severity score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) from Patchstack. The issue allows unauthenticated attackers to access sensitive information through the plugin's log file (NVD).

The vulnerability enables unauthenticated attackers to extract sensitive data, including system and plugin configuration information from the affected WordPress installations. This exposure of sensitive information could potentially be used to exploit other weaknesses in the system (Patchstack).

The vulnerability has been patched in version 0.9.9 of the Database Cleaner plugin. Users are advised to update to this version or later to remove the vulnerability. Patchstack users have the option to enable auto-updates for vulnerable plugins (Patchstack).