| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2024-10486 | 19 Nov 2024 00:05 | – | circl |
| WordPress plugin Google for WooCommerce product security vulnerability | 18 Nov 2024 00:00 | – | cnnvd |
| CVE-2024-10486 | 18 Nov 2024 21:31 | – | cve |
| CVE-2024-10486 Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File | 18 Nov 2024 21:31 | – | cvelist |
| EUVD-2024-33425 | 3 Oct 2025 20:07 | – | euvd |
| CVE-2024-10486 | 18 Nov 2024 22:15 | – | nvd |
| phpinfo() Output Reporting (HTTP) | 3 Nov 2005 00:00 | – | openvas |
| WordPress Google for WooCommerce plugin <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File vulnerability | 18 Nov 2024 09:32 | – | patchstack |
| WordPress Google for WooCommerce Plugin <= 2.8.6 is vulnerable to Sensitive Data Exposure | 18 Nov 2024 00:00 | – | patchstack |
| PT-2024-16311 · Google · Google For Woocommerce | 18 Nov 2024 00:00 | – | ptsecurity |

```yaml
id: CVE-2024-10486

info:
  name: Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File
  author: popcorn94
  severity: medium
  description: |
    The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks.
  impact: |
    Unauthenticated attackers can access PHP configuration information including server details, installed extensions, and environment variables, which can aid in planning further attacks.
  remediation: |
    Update Google for WooCommerce plugin to version 2.8.7 or later.
  reference:
    - https://plugins.trac.wordpress.org/browser/google-listings-and-ads/tags/2.8.6/vendor/googleads/google-ads-php/scripts/print_php_information.php
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/google-listings-and-ads/google-for-woocommerce-286-information-disclosure-via-publicly-accessible-php-info-file
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-10486
    cwe-id: CWE-862
    epss-score: 0.00887
    epss-percentile: 0.54809
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "/wp-content/plugins/google-listings-and-ads/"
  tags: cve,cve2024,wp,wordpress,wp-plugin,google-listings-and-ads,info-leak,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/google-listings-and-ads/vendor/googleads/google-ads-php/scripts/print_php_information.php"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "PHP Extension"
          - "PHP Version"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502206620b69ac93855e88e953be62bd54f8bb8efdb9034dc19187a930633b20e6d63022100b281803f232c154c06b847dfff344182169f5e83749cfc92dff4619294655bf9:922c64590222798bb761d5b6d8e72950
```
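
For defenders who want to know whether this script was ever requested on their own sites, the following added example (not part of the template or of the plugin) scans web server access logs for the path the template requests and separates served responses from failed probes. It assumes the Apache/nginx combined log format; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Script path from the template's request; log format and names below are assumptions.
TARGET = ("/wp-content/plugins/google-listings-and-ads/vendor/googleads/"
          "google-ads-php/scripts/print_php_information.php")

# Apache/nginx "combined" access-log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')


def normalize(uri):
    """Drop the query string, percent-decode once, and collapse '//', '.' and '..'."""
    path = unquote(uri.split("?", 1)[0])
    return posixpath.normpath(path).lower()  # lower(): case-insensitive filesystems


def find_hits(lines):
    """Return one record per request for the script, wherever WordPress is rooted."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not normalize(m["uri"]).endswith(TARGET):
            continue
        status = int(m["status"])
        # A 200 with a response body means phpinfo output left the server.
        served = status == 200 and m["size"] not in ("-", "0")
        hits.append({"ip": m["ip"], "time": m["ts"], "status": status,
                     "verdict": "disclosed" if served else "probe"})
    return hits


# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
    f'192.0.2.10 - - [20/Nov/2024:08:14:02 +0000] "GET {TARGET} HTTP/1.1" 200 84213 "-" "-"',
    '198.51.100.7 - - [20/Nov/2024:08:15:40 +0000] "GET /shop/'
    + TARGET.replace("_", "%5F") + '?x=1 HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.5 - - [20/Nov/2024:08:16:11 +0000] "GET /wp-content/plugins/'
    'google-listings-and-ads/readme.txt HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

A `disclosed` verdict means the PHP and server configuration shown by the script should be treated as known to the requester; after updating to 2.8.7 or later, the same scan should return only `probe` records.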