CVE-2023-5713: 
WordPress vulnerability analysis and mitigation

CVE-2023-5713 affects the System Dashboard plugin for WordPress versions up to and including 2.8.7. The vulnerability was discovered and disclosed on December 6, 2023, and stems from a missing capability check on the sd_option_value() function hooked via an AJAX action (NVD, Wordfence).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 4.3 (Medium). The security flaw exists in the sd_option_value() function that lacks proper capability checks when accessed through an AJAX action. This implementation oversight allows authenticated users with subscriber-level access or higher to retrieve and deserialize potentially sensitive option values (NVD).

The vulnerability enables authenticated attackers with subscriber-level access or higher to access and retrieve potentially sensitive option values from the WordPress installation. Additionally, these retrieved values can be deserialized, which could potentially lead to exposure of sensitive configuration data (NVD).

Users should upgrade to System Dashboard version 2.8.8 or later, which includes patches that address this vulnerability. The fix implements proper capability checks for the affected function (Wordfence).