CVE-2024-6687

NVD Published Date: August 01, 2024 at 02:15 AM
NVD Last Modified: August 01, 2024 at 12:42 PM
Download Patch
Vulnerability ID
CVE-2024-6687
Severity
MEDIUM
Severity Score
5.3
Summary
The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE ID
None

Recent Publish

CVE-2024-39607

CVE-2024-7334

CVE-2024-34021

CVE-2024-7333

CVE-2024-7337

CVE-2024-7336

See SecOps Solution
in action

Schedule Demo