CVE-2024-31249

2024-04-1016:15:12

CWE-532

[email protected]

web.nvd.nist.gov

sensitive information

log file

vulnerability

wpkube subscribe to comments reloaded

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

9.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725.

Affected configurations

Vulners

Node

wpkubesubscribe_to_comments_reloadedRange≤220725

VendorProductVersionCPE
wpkubesubscribe_to_comments_reloaded*cpe:2.3:a:wpkube:subscribe_to_comments_reloaded:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wpkube	subscribe_to_comments_reloaded	*	cpe:2.3:a:wpkube:subscribe_to_comments_reloaded::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "subscribe-to-comments-reloaded",
    "product": "Subscribe To Comments Reloaded",
    "vendor": "WPKube",
    "versions": [
      {
        "changes": [
          {
            "at": "240119",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "220725",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/subscribe-to-comments-reloaded/wordpress-subscribe-to-comments-reloaded-plugin-220725-sensitive-data-exposure-vulnerability?_s_id=cve