cleantalk
Vulnerabilities and Security Researches

Leyka, CVE-2023-4917

CVE, Research URL

CVE-2023-4917

Home page URL

Security reports for Leyka

Application

Leyka

Published on
Sep 13, 2023
Research Description
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more keys and passwords.
Affected versions
Min -, max 3.30.7.1.
Status
vulnerable
Previous vulnerability researches
Leyka (CVE-2025-53275) , Jul 03, 2025
Leyka (CVE-2025-52805) , Jul 07, 2025
Leyka (CVE-2024-35683) , Jun 11, 2024
Leyka (CVE-2025-26766) , Feb 18, 2025
Leyka (CVE-2023-27450) , Jun 07, 2024
New vulnerability
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025
Content Egg (CVE-2025-47536) , Aug 02, 2025
Smart Slider 3 (CVE-2025-6348) , Aug 02, 2025
Realtyna Organic IDX plugin + WPL Real Estate (CVE-2025-54052) , Aug 02, 2025