CVE-2024-13925

Klarna Checkout for WooCommerce < 2.13.5 - DoS via Excessive Logging

CVSS 7.5 HIGHEPSS 0.4%

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

17 Apr 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumption of disk space, potentially filling the entire disk.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Unknown · Klarna Checkout for WooCommerce

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/6aebb52f-d74a-4043-86c4-c24579f24ef4/