CVE-2023-52148: 
WordPress vulnerability analysis and mitigation

A sensitive data exposure vulnerability (CVE-2023-52148) was discovered in the WordPress Affiliates Manager plugin, affecting versions up to and including 2.9.30. The vulnerability was reported on December 28, 2023, by security researcher Joshua Chan and was assigned a CVSS v3.1 score of 5.3 (Medium) (Patchstack).

The vulnerability is classified as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200). It received a CVSS v3.1 Base Score of 5.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that the vulnerability is network accessible, requires low attack complexity, and needs no privileges or user interaction to exploit (NVD).

The vulnerability could allow malicious actors to view sensitive information that is normally not accessible to regular users. This exposed information could potentially be leveraged to exploit other weaknesses in the system (Patchstack).

The vulnerability has been fixed in version 2.9.31 of the Affiliates Manager plugin. Users are advised to update to version 2.9.31 or later to remediate this security issue (Patchstack).