CVE-2023-52190: 
WordPress vulnerability analysis and mitigation

The CVE-2023-52190 is a Sensitive Information Exposure vulnerability discovered in the WP Swings Coupon Referral Program WordPress plugin, affecting all versions up to and including 1.7.2. The vulnerability was discovered by Dave Jong and was publicly disclosed on January 3, 2024 (Patchstack).

The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It received a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating that it can be exploited over the network with low attack complexity, requires no privileges or user interaction, and can result in high confidentiality impact (Patchstack).

This vulnerability allows unauthenticated attackers to extract sensitive user data and coupon information from the affected WordPress installations. The exposure of sensitive information could potentially be used to exploit other weaknesses in the system (WPScan).

Currently, there is no official fix available for this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until an official fix becomes available (Patchstack).