Lucene search

PatchstackVULNRICHMENT:CVE-2024-32811

HistoryJun 09, 2024 - 12:44 p.m.

CVE-2024-32811 WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability

2024-06-0912:44:39

CWE-532

Patchstack

github.com

wordpress

usps

live rates

plugin

exposure

vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4.

CNA Affected

[
  {
    "vendor": "Octolize",
    "product": "USPS Shipping for WooCommerce – Live Rates",
    "versions": [
      {
        "status": "affected",
        "changes": [
          {
            "at": "1.10.0",
            "status": "unaffected"
          }
        ],
        "version": "n/a",
        "versionType": "custom",
        "lessThanOrEqual": "1.9.4"
      }
    ],
    "packageName": "flexible-shipping-usps",
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected"
  }
]

References

patchstack.com/database/vulnerability/flexible-shipping-usps/wordpress-usps-shipping-for-woocommerce-live-rates-plugin-1-9-4-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-32811