CVE-2023-52126: 
WordPress vulnerability analysis and mitigation

The Send Users Email WordPress plugin was found to contain a Sensitive Information Exposure vulnerability (CVE-2023-52126) affecting all versions up to and including 1.4.3. The vulnerability was discovered and reported by researcher Mika on October 31, 2023, and was publicly disclosed on December 28, 2023 (Patchstack).

The vulnerability is classified as a Sensitive Information Exposure (CWE-200) that allows unauthenticated attackers to access sensitive data through the plugin's error logs. The vulnerability has been assigned a CVSS v3.1 score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that it is network-accessible, requires low attack complexity, and needs no privileges or user interaction to exploit (WPScan).

The vulnerability enables malicious actors to extract sensitive data about the plugin and site configuration through error logs. This exposure of sensitive information could potentially be used by attackers to exploit other weaknesses in the system (Patchstack).

The vulnerability has been fixed in version 1.4.4 of the Send Users Email plugin. Users are advised to update to version 1.4.4 or later to remediate this security issue. The vulnerability is considered to have a low severity impact and is unlikely to be exploited, but updating is still recommended as a security measure (Patchstack).