CWE-532
Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
CVE-2024-32757 (GCVE-0-2024-32757)
Vulnerability from cvelistv5 – Published: 2024-07-02 14:02 – Updated: 2024-08-02 02:20
VLAI
Title
American Dynamics Illustra Essentials Gen 4 - Linux Credential Leak
Summary
Under certain circumstances unnecessary user details are provided within system logs
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Johnson Controls | American Dynamics Illustra Essentials Gen 4 |
Unaffected:
0 , ≤ Illustra.Ess4.01.02.10.5982
(custom)
|
|
| johnsoncontrols | illustra_essential_gen_4_firmware |
Affected:
0 , < Illustra.Ess4.01.02.13.6953
(custom)
cpe:2.3:o:johnsoncontrols:illustra_essential_gen_4_firmware:*:*:*:*:*:*:*:* |
Date Public
2024-06-27 16:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:johnsoncontrols:illustra_essential_gen_4_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "illustra_essential_gen_4_firmware",
"vendor": "johnsoncontrols",
"versions": [
{
"lessThan": "Illustra.Ess4.01.02.13.6953",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T13:52:39.937857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T13:52:43.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "American Dynamics Illustra Essentials Gen 4",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "Illustra.Ess4.01.02.10.5982",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sam Hanson of Dragos"
}
],
"datePublic": "2024-06-27T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnder certain circumstances unnecessary user details are provided within system logs\u003c/span\u003e"
}
],
"value": "Under certain circumstances unnecessary user details are provided within system logs"
}
],
"impacts": [
{
"capecId": "CAPEC-653",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-653: Use of Known Operating System Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T11:52:43.770Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-06"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgba(9, 30, 66, 0.06);\"\u003eUpdate firmware to Illustra.Ess4.01.02.13.6953\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Update firmware to Illustra.Ess4.01.02.13.6953"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "American Dynamics Illustra Essentials Gen 4 - Linux Credential Leak",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2024-32757",
"datePublished": "2024-07-02T14:02:15.247Z",
"dateReserved": "2024-04-17T17:26:35.181Z",
"dateUpdated": "2024-08-02T02:20:35.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32788 (GCVE-0-2024-32788)
Vulnerability from cvelistv5 – Published: 2024-04-24 07:46 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress FG Joomla to Wordpress plugin <= 4.20.2 - Sensitive Data Exposure via Log File vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/fg-… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Frédéric GILLES | FG Joomla to WordPress |
Affected:
n/a , ≤ 4.20.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:18:01.318892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:31.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-20-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fg-joomla-to-wordpress",
"product": "FG Joomla to WordPress",
"vendor": "Fr\u00e9d\u00e9ric GILLES",
"versions": [
{
"changes": [
{
"at": "4.21.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.20.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Yudistira Arya (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Fr\u00e9d\u00e9ric GILLES FG Joomla to WordPress.\u003cp\u003eThis issue affects FG Joomla to WordPress: from n/a through 4.20.2.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Fr\u00e9d\u00e9ric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:40.412Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-20-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.21.0 or a higher version."
}
],
"value": "Update to 4.21.0 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress FG Joomla to Wordpress plugin \u003c= 4.20.2 - Sensitive Data Exposure via Log File vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32788",
"datePublished": "2024-04-24T07:46:09.737Z",
"dateReserved": "2024-04-18T09:15:22.752Z",
"dateUpdated": "2026-04-28T16:09:40.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32796 (GCVE-0-2024-32796)
Vulnerability from cvelistv5 – Published: 2024-04-24 07:44 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress WP Fusion Lite plugin <= 3.42.10 - Sensitive Data Exposure vulnerability
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite allows Retrieve Embedded Sensitive Data.This issue affects WP Fusion Lite: from n/a through <= 3.42.10.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| https://patchstack.com/database/vulnerability/wp-… | vdb-entryx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jack Arturo | WP Fusion Lite |
Affected:
0 , ≤ 3.42.10
(custom)
|
Date Public
2026-04-01 16:25
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T19:59:20.240019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:50:06.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp-fusion-lite/wordpress-wp-fusion-lite-3-42-10-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-fusion-lite",
"product": "WP Fusion Lite",
"vendor": "Jack Arturo",
"versions": [
{
"changes": [
{
"at": "3.43.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.42.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Majed Refaea | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:25:11.546Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects WP Fusion Lite: from n/a through \u003c= 3.42.10.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite allows Retrieve Embedded Sensitive Data.This issue affects WP Fusion Lite: from n/a through \u003c= 3.42.10."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:40.379Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-fusion-lite/vulnerability/wordpress-wp-fusion-lite-3-42-10-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Fusion Lite plugin \u003c= 3.42.10 - Sensitive Data Exposure vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32796",
"datePublished": "2024-04-24T07:44:26.623Z",
"dateReserved": "2024-04-18T09:15:38.675Z",
"dateUpdated": "2026-04-28T16:09:40.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32811 (GCVE-0-2024-32811)
Vulnerability from cvelistv5 – Published: 2024-06-09 12:44 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/fle… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Octolize | USPS Shipping for WooCommerce – Live Rates |
Affected:
n/a , ≤ 1.9.4
(custom)
|
|
| octolize | usps_shipping_for_woocommerce-live_rates |
Affected:
0 , ≤ 1.9.4
(custom)
cpe:2.3:a:octolize:usps_shipping_for_woocommerce-live_rates:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:octolize:usps_shipping_for_woocommerce-live_rates:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "usps_shipping_for_woocommerce-live_rates",
"vendor": "octolize",
"versions": [
{
"lessThanOrEqual": "1.9.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T15:15:06.159161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T15:16:48.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/flexible-shipping-usps/wordpress-usps-shipping-for-woocommerce-live-rates-plugin-1-9-4-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "flexible-shipping-usps",
"product": "USPS Shipping for WooCommerce \u2013 Live Rates",
"vendor": "Octolize",
"versions": [
{
"changes": [
{
"at": "1.10.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.9.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce \u2013 Live Rates.\u003cp\u003eThis issue affects USPS Shipping for WooCommerce \u2013 Live Rates: from n/a through 1.9.4.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce \u2013 Live Rates.This issue affects USPS Shipping for WooCommerce \u2013 Live Rates: from n/a through 1.9.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:40.983Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/flexible-shipping-usps/wordpress-usps-shipping-for-woocommerce-live-rates-plugin-1-9-4-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.10.0 or a higher version."
}
],
"value": "Update to 1.10.0 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress USPS Shipping for WooCommerce \u2013 Live Rates plugin \u003c= 1.9.4 - Sensitive Data Exposure via Log File vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32811",
"datePublished": "2024-06-09T12:44:39.133Z",
"dateReserved": "2024-04-18T10:16:31.361Z",
"dateUpdated": "2026-04-28T16:09:40.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32825 (GCVE-0-2024-32825)
Vulnerability from cvelistv5 – Published: 2024-04-24 07:37 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Simply Static plugin <= 3.1.3 - Sensitive Data Exposure via Log File vulnerability
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static.This issue affects Simply Static: from n/a through <= 3.1.3.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| https://patchstack.com/database/vulnerability/sim… | vdb-entryx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Simply Static | Simply Static |
Affected:
0 , ≤ 3.1.3
(custom)
|
Date Public
2026-04-01 16:25
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:15:31.150258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:14.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/simply-static/wordpress-simply-static-plugin-3-1-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "simply-static",
"product": "Simply Static",
"vendor": "Simply Static",
"versions": [
{
"changes": [
{
"at": "3.1.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CatFather | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:25:19.181Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static.\u003cp\u003eThis issue affects Simply Static: from n/a through \u003c= 3.1.3.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static.This issue affects Simply Static: from n/a through \u003c= 3.1.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:41.347Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/simply-static/vulnerability/wordpress-simply-static-plugin-3-1-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "WordPress Simply Static plugin \u003c= 3.1.3 - Sensitive Data Exposure via Log File vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32825",
"datePublished": "2024-04-24T07:37:58.648Z",
"dateReserved": "2024-04-18T10:16:48.294Z",
"dateUpdated": "2026-04-28T16:09:41.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32953 (GCVE-0-2024-32953)
Vulnerability from cvelistv5 – Published: 2024-04-24 07:36 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Newsletters plugin <= 4.9.5 - Sensitive Data Exposure vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/new… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Newsletters |
Affected:
n/a , ≤ 4.9.5
(custom)
|
||
| tribulant | newsletters |
Affected:
0 , ≤ 4.9.5
(custom)
cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:52.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-5-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "newsletters",
"vendor": "tribulant",
"versions": [
{
"lessThanOrEqual": "4.9.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T13:41:19.968497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:35:22.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "newsletters-lite",
"product": "Newsletters",
"versions": [
{
"changes": [
{
"at": "4.9.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.9.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Peng Zhou (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Newsletters.\u003cp\u003eThis issue affects Newsletters: from n/a through 4.9.5.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:42.306Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-5-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.9.6 or a higher version."
}
],
"value": "Update to 4.9.6 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Newsletters plugin \u003c= 4.9.5 - Sensitive Data Exposure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32953",
"datePublished": "2024-04-24T07:36:06.123Z",
"dateReserved": "2024-04-22T10:41:46.933Z",
"dateUpdated": "2026-04-28T16:09:42.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-33637 (GCVE-0-2024-33637)
Vulnerability from cvelistv5 – Published: 2024-04-29 07:46 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Solid Affiliate plugin <= 1.9.1 - Sensitive Data Exposure via Log File vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.This issue affects Solid Affiliate: from n/a through 1.9.1.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/sol… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Solid Plugins | Solid Affiliate |
Affected:
n/a , ≤ 1.9.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T16:21:08.841515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:44:27.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/solid-affiliate/wordpress-solid-affiliate-plugin-1-9-1-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Solid Affiliate",
"vendor": "Solid Plugins",
"versions": [
{
"lessThanOrEqual": "1.9.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Francois Harvey (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.\u003cp\u003eThis issue affects Solid Affiliate: from n/a through 1.9.1.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.This issue affects Solid Affiliate: from n/a through 1.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:44.566Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/solid-affiliate/wordpress-solid-affiliate-plugin-1-9-1-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Solid Affiliate plugin \u003c= 1.9.1 - Sensitive Data Exposure via Log File vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-33637",
"datePublished": "2024-04-29T07:46:35.152Z",
"dateReserved": "2024-04-25T08:14:57.580Z",
"dateUpdated": "2026-04-28T16:09:44.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-33922 (GCVE-0-2024-33922)
Vulnerability from cvelistv5 – Published: 2024-05-02 11:02 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress WP Media Cleaner plugin <= 6.7.2 - Sensitive Data Exposure via Log File vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/med… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Jordy Meow | WP Media Cleaner |
Affected:
n/a , ≤ 6.7.2
(custom)
|
|
| wordpress | media_cleaner |
Affected:
- , ≤ 6.7.2
(custom)
cpe:2.3:a:wordpress:media_cleaner:-:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wordpress:media_cleaner:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "media_cleaner",
"vendor": "wordpress",
"versions": [
{
"lessThanOrEqual": "6.7.2",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T15:26:33.292459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:44:03.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/media-cleaner/wordpress-wp-media-cleaner-plugin-6-7-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "media-cleaner",
"product": "WP Media Cleaner",
"vendor": "Jordy Meow",
"versions": [
{
"changes": [
{
"at": "6.7.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.7.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.\u003cp\u003eThis issue affects WP Media Cleaner: from n/a through 6.7.2.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:46.295Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/media-cleaner/wordpress-wp-media-cleaner-plugin-6-7-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 6.7.3 or a higher version."
}
],
"value": "Update to 6.7.3 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WP Media Cleaner plugin \u003c= 6.7.2 - Sensitive Data Exposure via Log File vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-33922",
"datePublished": "2024-05-02T11:02:50.298Z",
"dateReserved": "2024-04-29T08:10:02.865Z",
"dateUpdated": "2026-04-28T16:09:46.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-34353 (GCVE-0-2024-34353)
Vulnerability from cvelistv5 – Published: 2024-05-13 15:43 – Updated: 2024-08-02 02:51
VLAI
Title
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Summary
The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric
cryptography, with each server-side key backup assigned a unique public-private key pair. Due to a logic bug introduced in commit 71136e44c03c79f80d6d1a2446673bc4d53a2067, matrix-sdk-crypto version 0.7.0 will sometimes log the private part of the backup key pair to Rust debug logs (using the `tracing` crate). This issue has been resolved in matrix-sdk-crypto version 0.7.1. No known workarounds are available.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/matrix-org/matrix-rust-sdk/sec… | x_refsource_CONFIRM |
| https://github.com/matrix-org/matrix-rust-sdk/com… | x_refsource_MISC |
| https://github.com/matrix-org/matrix-rust-sdk/com… | x_refsource_MISC |
| https://crates.io/crates/matrix-sdk-crypto/0.7.1 | x_refsource_MISC |
| https://github.com/matrix-org/matrix-rust-sdk/rel… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| matrix-org | matrix-sdk-crypto |
Affected:
= 0.7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T16:09:35.013317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T16:09:42.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:10.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-9ggc-845v-gcgv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-9ggc-845v-gcgv"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/commit/71136e44c03c79f80d6d1a2446673bc4d53a2067",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/commit/71136e44c03c79f80d6d1a2446673bc4d53a2067"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/commit/fa10bbb5dd0f9120a51aa1854cec752e25790bb0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/commit/fa10bbb5dd0f9120a51aa1854cec752e25790bb0"
},
{
"name": "https://crates.io/crates/matrix-sdk-crypto/0.7.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crates.io/crates/matrix-sdk-crypto/0.7.1"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-crypto-0.7.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-crypto-0.7.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "matrix-sdk-crypto",
"vendor": "matrix-org",
"versions": [
{
"status": "affected",
"version": "= 0.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user\u0027s devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric\ncryptography, with each server-side key backup assigned a unique public-private key pair. Due to a logic bug introduced in commit 71136e44c03c79f80d6d1a2446673bc4d53a2067, matrix-sdk-crypto version 0.7.0 will sometimes log the private part of the backup key pair to Rust debug logs (using the `tracing` crate). This issue has been resolved in matrix-sdk-crypto version 0.7.1. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T20:13:41.721Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-9ggc-845v-gcgv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-9ggc-845v-gcgv"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/commit/71136e44c03c79f80d6d1a2446673bc4d53a2067",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/commit/71136e44c03c79f80d6d1a2446673bc4d53a2067"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/commit/fa10bbb5dd0f9120a51aa1854cec752e25790bb0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/commit/fa10bbb5dd0f9120a51aa1854cec752e25790bb0"
},
{
"name": "https://crates.io/crates/matrix-sdk-crypto/0.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://crates.io/crates/matrix-sdk-crypto/0.7.1"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-crypto-0.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-crypto-0.7.1"
}
],
"source": {
"advisory": "GHSA-9ggc-845v-gcgv",
"discovery": "UNKNOWN"
},
"title": "matrix-sdk-crypto contains a log exposure of private key of the server-side key backup"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34353",
"datePublished": "2024-05-13T15:43:10.574Z",
"dateReserved": "2024-05-02T06:36:32.438Z",
"dateUpdated": "2024-08-02T02:51:10.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34550 (GCVE-0-2024-34550)
Vulnerability from cvelistv5 – Published: 2024-05-09 12:10 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Dynamics 365 Integration plugin <= 1.3.17 - Sensitive Data Exposure vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/int… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AlexaCRM | Dynamics 365 Integration |
Affected:
n/a , ≤ 1.3.17
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T15:14:56.234528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:59.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:20.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/integration-dynamics/wordpress-dynamics-365-integration-plugin-1-3-17-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "integration-dynamics",
"product": "Dynamics 365 Integration",
"vendor": "AlexaCRM",
"versions": [
{
"changes": [
{
"at": "1.3.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.17",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.\u003cp\u003eThis issue affects Dynamics 365 Integration: from n/a through 1.3.17.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:49.261Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/integration-dynamics/wordpress-dynamics-365-integration-plugin-1-3-17-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.3.18 or a higher version."
}
],
"value": "Update to 1.3.18 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Dynamics 365 Integration plugin \u003c= 1.3.17 - Sensitive Data Exposure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34550",
"datePublished": "2024-05-09T12:10:57.441Z",
"dateReserved": "2024-05-06T19:20:58.335Z",
"dateUpdated": "2026-04-28T16:09:49.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Phase: Distribution
Description:
- Remove debug log files before deploying the application into production.
Mitigation
Phase: Operation
Description:
- Protect log files against unauthorized read/write.
Mitigation
Phase: Implementation
Description:
- Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.