Cyber Resilience

CVE-2023-6289

MediumPublic PoC

Published: 18 December 2023

Published
18 December 2023
Modified
07 May 2025
KEV Added
Patch
CVSS Score v3.1 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score 0.0290 86.6th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-6289 is a medium-severity an unspecified weakness vulnerability in Swteplugins Swift Performance. Its CVSS base score is 4.3 (Medium).

Operationally, ranked in the top 13.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

swteplugins
swift performance
≤ 2.3.6.15

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References