During testing of the plugin, a vulnerability was discovered that allows the user, starting from the “Subscriber” (lower privs) privileges, to access AJAX requests that can output the following data: password and login from the database – which is very critical, password and login from the mailbox, phpinfo() and all the information that the plugin can output about the web application

Main info:

PluginSystem Dashboard <= 2.8.7
CriticalVery High
All Time20 534
Active installations1 000+
Publicly PublishedJanuary 1, 2024
Last UpdatedJanuary 1, 2024
ResearcherDmtirii Ignatyev
OWASP TOP-10A3: Sensitive Data Exposure
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5713
Plugin Security Certification by CleanTalk


November 10, 2023Plugin testing and vulnerability detection in the System Dashboard plugin have been completed
November 10, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
November 15, 2023The author fixed the vulnerability and released the plugin update
January 1, 2024Registered CVE-2023-5713

Discovery of the Vulnerability

During extensive testing of the System Dashboard plugin for WordPress, a critical vulnerability was identified. This flaw allows users, even those with the relatively lower privileges of a “Subscriber,” to exploit AJAX requests that retrieve highly sensitive information. The compromised data includes login credentials stored in the database, passwords linked to email accounts, phpinfo() outputs, and comprehensive information about the web application.

Understanding of Broken Logic Control attack’s

The vulnerability stems from a breakdown in the logical controls within the System Dashboard plugin. Logical controls are meant to ensure that users can only access information and functionalities appropriate for their assigned roles. In this case, the plugin fails to implement proper checks, enabling users with lower privileges to make unauthorized AJAX requests and retrieve critical data.

Real-world examples of broken logic vulnerabilities often involve scenarios where privilege escalation is possible, allowing users to access sensitive data or perform actions beyond the scope of their assigned roles. In the context of System Dashboard, this flaw represents a significant lapse in the logical controls meant to safeguard sensitive information.

Exploiting the Broken Logic Control Vulnerability

Exploiting the broken logic vulnerability in System Dashboard entails initiating AJAX requests that the plugin should restrict to higher-privileged roles. By leveraging this flaw, a user with Subscriber-level access or above can extract login credentials from the database, access email account passwords, obtain phpinfo() outputs, and retrieve other detailed information about the web application.

Attackers could craft specific requests or manipulate existing functionalities within the plugin to bypass logical controls, gaining unauthorized access to sensitive data.

POC request:



The potential risks associated with this vulnerability are severe. Unauthorized access to login credentials, email passwords, and detailed information about the web application could lead to a range of malicious activities, including unauthorized account access, data theft, and potentially, full compromise of the web application.

In a real-world scenario, an attacker with Subscriber-level access could exploit this vulnerability to extract login credentials from the database, compromise email accounts, and gather comprehensive information about the web application’s configuration.

Recommendations for Improved Security

  • Role-Based Access Control (RBAC): Implement robust RBAC mechanisms to ensure that each user role has appropriately restricted access based on the principle of least privilege.
  • AJAX Request Authentication: Implement strong authentication mechanisms for AJAX requests, ensuring that only authorized users can access sensitive functionalities.
  • Regular Security Audits: Conduct regular security audits of the plugin’s codebase to identify and rectify vulnerabilities, including those related to logical controls.
  • User Input Validation: Implement thorough validation and sanitization of user inputs to prevent injection attacks and unauthorized access.
  • Security Patching: Promptly release and apply security patches to address vulnerabilities as they are discovered.

By addressing these recommendations, the System Dashboard plugin can significantly bolster its security posture, preventing unauthorized access to sensitive data and enhancing the overall protection of WordPress installations.

#WordPressSecurity #BorkenLogicControl #WebsiteSafety #StayProtected #SuperHighVulnerability

Use CleanTalk solutions to improve the security of your website


Create your CleanTalk account

By signing up, you agree with license. Have an account? Log in.
CVE-2023-5713 – System Dashboard – Broken Logical Control to Mail Box password Thief – POC

Leave a Reply

Your email address will not be published. Required fields are marked *