CVSS 3.1 Score 7.5 of 10 (high)


Published Jan 1, 2024
Updated: Jan 8, 2024
CWE ID 532


CVE-2023-6064 is a vulnerability found in the PayHere Payment Gateway WordPress plugin before version 2.2.12. It automatically generates publicly-accessible log files that contain sensitive information during transactions. The vulnerability has a base severity of HIGH, with a base score of 7.5 according to The potential danger it poses to an organization is classified as HIGH for confidentiality impact, but there is no impact on integrity or availability. The exploitability score is 3.9, indicating a medium level of difficulty for exploiting the vulnerability. To remediate the issue, users should update their PayHere Payment Gateway plugin to version 2.2.12 or newer to ensure that sensitive information is not exposed through log files.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-6064 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options