
Repository for the CVE-2023-4800 vulnerability.

CVE ID: CVE-2023-4800

Vulnerability Type: Sensitive Data Exposure

Description: The DoLogin Security plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dashboard widget in versions up to, and including, 3.7. This makes it possible for authenticated attackers to view the login attempts log.

Steps to reproduce: Enable the plugin and navigate to the dashboard as an authorized user.
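
The missing capability check described above, shown as a generic WordPress dashboard-widget pattern next to its hardened form. This is an added example, not DoLogin's code: the `example_*` names, the sample log row and the choice of `manage_options` as the required capability are assumptions.

```php
<?php
// Added example (not the plugin's code). Drop into wp-content/mu-plugins/ to try it.
// All example_* names are hypothetical; 'manage_options' is an assumed capability.

// Constructed sample data standing in for a login attempts log.
function example_get_login_attempts() {
    return array(
        array( 'time' => '2023-09-01 10:00:00', 'user' => 'alice', 'ip' => '192.0.2.10' ),
    );
}

// Weak pattern: the widget is registered for every user who can load the dashboard,
// so any authenticated account sees the log.
function example_register_widget_unchecked() {
    wp_add_dashboard_widget( 'example_login_log', 'Login attempts', 'example_render_login_log' );
}

// Hardened pattern: register the widget only for users holding the capability.
function example_register_widget_checked() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    wp_add_dashboard_widget( 'example_login_log', 'Login attempts', 'example_render_login_log' );
}

// The render callback repeats the check, so the data is not emitted even if the
// callback is reached through some other registration path.
function example_render_login_log() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    foreach ( example_get_login_attempts() as $row ) {
        printf(
            '<p>%s %s %s</p>',
            esc_html( $row['time'] ),
            esc_html( $row['user'] ),
            esc_html( $row['ip'] )
        );
    }
}

// Only the hardened registration is hooked; the unchecked one is kept for comparison.
add_action( 'wp_dashboard_setup', 'example_register_widget_checked' );
```

To verify the behaviour, load the dashboard once as an administrator and once as a subscriber: the widget should appear only for the administrator.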


  1. https://wpscan.com/vulnerability/7eae1434-8c7a-4291-912d-a4a07b73ee56
  2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4800
  3. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/dologin/dologin-security-37-missing-authorization-on-dashboard-widget