CVE-2024-3682 Vulnerability Details


CVE-2024-3682 Metadata Quick Info

CVE Published: 26/04/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: Wordfence | Vendor: renehermi | Product: WP STAGING WordPress Backup Plugin – Migration Backup Restore
Status: PUBLISHED

CVE-2024-3682 Description

The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract sensitive data from a log file, including system information and (in the Pro version) license keys. Successful exploitation requires an administrator to have used the 'Contact Us' functionality along with the "Enable this option to automatically submit the log files." option.

Metrics

CVSS Version: 3.1 | Base Score: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

➤ Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope (S): Unchanged

➤ Impact Metrics:
    Confidentiality Impact (C): Low
    Integrity Impact (I): None
    Availability Impact (A): None

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: Information Exposure
Source: renehermi

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).