CVE-2024-32825

WordPress Simply Static plugin <= 3.1.3 - Sensitive Data Exposure via Log File vulnerability

CVSS 7.5 HIGH | EPSS 2.0% | CWE-201

In short

The Simply Static WordPress plugin up to version 3.1.3 accidentally exposes sensitive information in log files that can be accessed by unauthorized users. This could reveal private data like credentials or configuration details.

Technical detail

A CWE-201 vulnerability in Simply Static <= 3.1.3 allows unauthenticated or low-privileged attackers to access sensitive data (credentials, API keys, configuration parameters) through publicly accessible or insufficiently protected log files. The plugin fails to sanitize its logs or restrict access to them, so the sensitive information they contain can be disclosed without code execution or complex exploitation.

Summary generated and translated by AI from the official description.
Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static. This issue affects Simply Static: from n/a through <= 3.1.3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
