2 matches found
WordPress Aramex Shipping WooCommerce Plugin <= 1.1.21 is vulnerable to Sensitive Data Exposure
Software Aramex Shipping WooCommerce Type Plugin Vulnerable versions = 1.1.21 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6566 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d92b800ee193 Credits stealthcopter...
CVE-2024-6566 Aramex Shipping WooCommerce <= 1.1.21 - Unauthenticated Full Path Disclosure
The Aramex Shipping WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.21. This is due the plugin not preventing direct access to the composer-setup.php file which also has displayerrors enabled. This makes it possible for...