CVE-2023-23978 MEDIUM

CVE-2023-23978: WordPress WP Client Reports Plugin <= 1.0.16 is vulnerable to Sensitive Data Exposure

Vendor Switchwp
Product WP Client Reports
Weakness CWE-200 · Info exposure
Published November 22, 2023
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SwitchWP WP Client Reports plugin <= 1.0.16 versions.

Key dates

02Disclosure timeline

November 22, 2023 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-0717 D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure CVE-2023-26476 Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor CVE-2026-30891 Discourse hasUnauthorized Exposure of Private User Action Types CVE-2020-36835 Migration, Backup, Staging – WPvivid <= 0.9.35 - Sensitive Information Disclosure CVE-2025-9209 RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2 - Unauthenticated Information Exposure to Authentication Bypass via Forged JWT