CVE-2023-44989

2024-03-2618:15:08

CWE-532

Patchstack

web.nvd.nist.gov

cve-2023-44989

insertion of sensitive information

log file vulnerability

gsheetconnector

cf7 google sheets connector

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.0%

JSON

Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.

Affected configurations

Vulners

Vulnrichment

Node

gsheetconnectorcf7_google_sheets_connectorRange≤5.0.5freewordpress

VendorProductVersionCPE
gsheetconnectorcf7_google_sheets_connector*cpe:2.3:a:gsheetconnector:cf7_google_sheets_connector:*:*:*:*:free:wordpress:*:*

Vendor	Product	Version	CPE
gsheetconnector	cf7_google_sheets_connector	*	cpe:2.3:a:gsheetconnector:cf7_google_sheets_connector:::::free:wordpress::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "cf7-google-sheets-connector",
    "product": "CF7 Google Sheets Connector",
    "vendor": "GSheetConnector",
    "versions": [
      {
        "changes": [
          {
            "at": "5.0.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.0.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/cf7-google-sheets-connector/wordpress-cf7-google-sheets-connector-plugin-5-0-5-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve