7.5
CVE-2024-13818
- EPSS 0.11%
- Veröffentlicht 21.02.2025 04:15:09
- Zuletzt bearbeitet 25.02.2025 17:03:16
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginRegistration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction <= 3.8.4 - Sensitive Information Exposure via Log Files
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3.9 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.
Mögliche Gegenmaßnahme
Pie Register – User Registration, Profiles & Content Restriction: Update to version 3.8.4.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Pie Register – User Registration, Profiles & Content Restriction
Version
*-3.8.4
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Genetechsolutions ≫ Pie Register SwPlatformwordpress Version <= 3.8.3.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.298 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.