7.5
CVE-2024-7870
- EPSS 0.71%
- Veröffentlicht 04.09.2024 09:15:04
- Zuletzt bearbeitet 07.10.2024 12:29:19
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginPixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion
The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.
Mögliche Gegenmaßnahme
PixelYourSite – Your smart PIXEL (TAG) & API Manager: Update to version 9.7.2, or a newer patched version
PixelYourSite Pro – Your smart PIXEL (TAG) Manager: Update to version 10.4.3, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
PixelYourSite – Your smart PIXEL (TAG) & API Manager
Version
*-9.7.1
SystemWordPress Plugin
≫
Produkt
PixelYourSite Pro – Your smart PIXEL (TAG) Manager
Version
*-10.4.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pixelyoursite ≫ Pixelyoursite SwEdition- SwPlatformwordpress Version < 9.7.2
Pixelyoursite ≫ Pixelyoursite SwEditionpro SwPlatformwordpress Version < 10.4.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.71% | 0.719 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@wordfence.com | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.