5.3

CVE-2024-2302

EPSS 0.98%
Veröffentlicht 09.04.2024 19:15:30
Zuletzt bearbeitet 07.02.2025 17:05:52
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.2.9 - Sensitive Information Exposure

The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.

Mögliche Gegenmaßnahme

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy: Update to version 3.2.10, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Version *-3.2.9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Awesomemotive ≫ Easy Digital Downloads SwPlatformwordpress Version < 3.2.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.98%	0.761

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://plugins.trac.wordpress.org/browser/easy-digital-downloads/trunk/includes/class-edd-logging.php#L621

Product

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3060808%40easy-digital-downloads%2Ftrunk&old=3042139%40easy-digital-downloads%2Ftrunk&sfp_email=&sfph_mail=

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/0837ba20-4b47-4cc8-9eb3-322289513d79?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/0837ba20-4b47-4cc8-9eb3-322289513d79

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-2302

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2302

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2302

EUVD