Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1743 vulnerabilities reference this CWE, most recent first.

CVE-2024-34559 (GCVE-0-2024-34559)

Vulnerability from cvelistv5 – Published: 2024-05-09 12:03 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Ghost plugin <= 1.4.0 - Sensitive Data Exposure via Log File vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.This issue affects Ghost: from n/a through 1.4.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Vendor Product Version
Ghost Foundation Ghost Affected: n/a , ≤ 1.4.0 (custom)
Create a notification for this product.
ghost ghost Affected: 0 , ≤ 1.4.0 (custom)
    cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Joshua Chan (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ghost",
            "vendor": "ghost",
            "versions": [
              {
                "lessThanOrEqual": "1.4.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34559",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T19:44:52.257515Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-17T14:21:16.050Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:21.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/ghost/wordpress-ghost-plugin-1-4-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "ghost",
          "product": "Ghost",
          "vendor": "Ghost Foundation",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.5.0",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.4.0",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Joshua Chan (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.\u003cp\u003eThis issue affects Ghost: from n/a through 1.4.0.\u003c/p\u003e"
            }
          ],
          "value": "Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.This issue affects Ghost: from n/a through 1.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:49.526Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/ghost/wordpress-ghost-plugin-1-4-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 1.5.0 or a higher version."
            }
          ],
          "value": "Update to 1.5.0 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Ghost plugin \u003c= 1.4.0 - Sensitive Data Exposure via Log File vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-34559",
    "datePublished": "2024-05-09T12:03:01.037Z",
    "dateReserved": "2024-05-06T19:21:15.224Z",
    "dateUpdated": "2026-04-28T16:09:49.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-34550 (GCVE-0-2024-34550)

Vulnerability from cvelistv5 – Published: 2024-05-09 12:10 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Dynamics 365 Integration plugin <= 1.3.17 - Sensitive Data Exposure vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Vendor Product Version
AlexaCRM Dynamics 365 Integration Affected: n/a , ≤ 1.3.17 (custom)
Create a notification for this product.
Credits
Joshua Chan (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34550",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-09T15:14:56.234528Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:40:59.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:20.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/integration-dynamics/wordpress-dynamics-365-integration-plugin-1-3-17-sensitive-data-exposure-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "integration-dynamics",
          "product": "Dynamics 365 Integration",
          "vendor": "AlexaCRM",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.3.18",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.3.17",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Joshua Chan (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.\u003cp\u003eThis issue affects Dynamics 365 Integration: from n/a through 1.3.17.\u003c/p\u003e"
            }
          ],
          "value": "Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:49.261Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/integration-dynamics/wordpress-dynamics-365-integration-plugin-1-3-17-sensitive-data-exposure-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 1.3.18 or a higher version."
            }
          ],
          "value": "Update to 1.3.18 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Dynamics 365 Integration plugin \u003c= 1.3.17 - Sensitive Data Exposure vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-34550",
    "datePublished": "2024-05-09T12:10:57.441Z",
    "dateReserved": "2024-05-06T19:20:58.335Z",
    "dateUpdated": "2026-04-28T16:09:49.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-34353 (GCVE-0-2024-34353)

Vulnerability from cvelistv5 – Published: 2024-05-13 15:43 – Updated: 2024-08-02 02:51
VLAI
Title
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Summary
The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup assigned a unique public-private key pair. Due to a logic bug introduced in commit 71136e44c03c79f80d6d1a2446673bc4d53a2067, matrix-sdk-crypto version 0.7.0 will sometimes log the private part of the backup key pair to Rust debug logs (using the `tracing` crate). This issue has been resolved in matrix-sdk-crypto version 0.7.1. No known workarounds are available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-05T16:09:35.013317Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T16:09:42.514Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:51:10.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-9ggc-845v-gcgv",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-9ggc-845v-gcgv"
          },
          {
            "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/71136e44c03c79f80d6d1a2446673bc4d53a2067",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/71136e44c03c79f80d6d1a2446673bc4d53a2067"
          },
          {
            "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/fa10bbb5dd0f9120a51aa1854cec752e25790bb0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/fa10bbb5dd0f9120a51aa1854cec752e25790bb0"
          },
          {
            "name": "https://crates.io/crates/matrix-sdk-crypto/0.7.1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crates.io/crates/matrix-sdk-crypto/0.7.1"
          },
          {
            "name": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-crypto-0.7.1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-crypto-0.7.1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "matrix-sdk-crypto",
          "vendor": "matrix-org",
          "versions": [
            {
              "status": "affected",
              "version": "= 0.7.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user\u0027s devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric\ncryptography, with each server-side key backup assigned a unique public-private key pair. Due to a logic bug introduced in commit 71136e44c03c79f80d6d1a2446673bc4d53a2067, matrix-sdk-crypto version 0.7.0 will sometimes log the private part of the backup key pair to Rust debug logs (using the `tracing` crate). This issue has been resolved in matrix-sdk-crypto version 0.7.1. No known workarounds are available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532: Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-14T20:13:41.721Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-9ggc-845v-gcgv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-9ggc-845v-gcgv"
        },
        {
          "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/71136e44c03c79f80d6d1a2446673bc4d53a2067",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/71136e44c03c79f80d6d1a2446673bc4d53a2067"
        },
        {
          "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/fa10bbb5dd0f9120a51aa1854cec752e25790bb0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/fa10bbb5dd0f9120a51aa1854cec752e25790bb0"
        },
        {
          "name": "https://crates.io/crates/matrix-sdk-crypto/0.7.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crates.io/crates/matrix-sdk-crypto/0.7.1"
        },
        {
          "name": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-crypto-0.7.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-crypto-0.7.1"
        }
      ],
      "source": {
        "advisory": "GHSA-9ggc-845v-gcgv",
        "discovery": "UNKNOWN"
      },
      "title": "matrix-sdk-crypto contains a log exposure of private key of the server-side key backup"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34353",
    "datePublished": "2024-05-13T15:43:10.574Z",
    "dateReserved": "2024-05-02T06:36:32.438Z",
    "dateUpdated": "2024-08-02T02:51:10.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-33922 (GCVE-0-2024-33922)

Vulnerability from cvelistv5 – Published: 2024-05-02 11:02 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress WP Media Cleaner plugin <= 6.7.2 - Sensitive Data Exposure via Log File vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Vendor Product Version
Jordy Meow WP Media Cleaner Affected: n/a , ≤ 6.7.2 (custom)
Create a notification for this product.
wordpress media_cleaner Affected: - , ≤ 6.7.2 (custom)
    cpe:2.3:a:wordpress:media_cleaner:-:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Joshua Chan (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:wordpress:media_cleaner:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "media_cleaner",
            "vendor": "wordpress",
            "versions": [
              {
                "lessThanOrEqual": "6.7.2",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-33922",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-02T15:26:33.292459Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:44:03.831Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:42:59.770Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/media-cleaner/wordpress-wp-media-cleaner-plugin-6-7-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "media-cleaner",
          "product": "WP Media Cleaner",
          "vendor": "Jordy Meow",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.7.3",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.7.2",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Joshua Chan (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.\u003cp\u003eThis issue affects WP Media Cleaner: from n/a through 6.7.2.\u003c/p\u003e"
            }
          ],
          "value": "Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:46.295Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/media-cleaner/wordpress-wp-media-cleaner-plugin-6-7-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 6.7.3 or a higher version."
            }
          ],
          "value": "Update to 6.7.3 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress WP Media Cleaner plugin \u003c= 6.7.2 - Sensitive Data Exposure via Log File vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-33922",
    "datePublished": "2024-05-02T11:02:50.298Z",
    "dateReserved": "2024-04-29T08:10:02.865Z",
    "dateUpdated": "2026-04-28T16:09:46.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-33637 (GCVE-0-2024-33637)

Vulnerability from cvelistv5 – Published: 2024-04-29 07:46 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Solid Affiliate plugin <= 1.9.1 - Sensitive Data Exposure via Log File vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.This issue affects Solid Affiliate: from n/a through 1.9.1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Vendor Product Version
Solid Plugins Solid Affiliate Affected: n/a , ≤ 1.9.1 (custom)
Create a notification for this product.
Credits
Francois Harvey (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-33637",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-29T16:21:08.841515Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:44:27.026Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:36:04.468Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/solid-affiliate/wordpress-solid-affiliate-plugin-1-9-1-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Solid Affiliate",
          "vendor": "Solid Plugins",
          "versions": [
            {
              "lessThanOrEqual": "1.9.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Francois Harvey (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.\u003cp\u003eThis issue affects Solid Affiliate: from n/a through 1.9.1.\u003c/p\u003e"
            }
          ],
          "value": "Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.This issue affects Solid Affiliate: from n/a through 1.9.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:44.566Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/solid-affiliate/wordpress-solid-affiliate-plugin-1-9-1-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Solid Affiliate plugin \u003c= 1.9.1 - Sensitive Data Exposure via Log File vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-33637",
    "datePublished": "2024-04-29T07:46:35.152Z",
    "dateReserved": "2024-04-25T08:14:57.580Z",
    "dateUpdated": "2026-04-28T16:09:44.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-32953 (GCVE-0-2024-32953)

Vulnerability from cvelistv5 – Published: 2024-04-24 07:36 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Newsletters plugin <= 4.9.5 - Sensitive Data Exposure vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Vendor Product Version
Newsletters Affected: n/a , ≤ 4.9.5 (custom)
tribulant newsletters Affected: 0 , ≤ 4.9.5 (custom)
    cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Peng Zhou (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:27:52.751Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-5-sensitive-data-exposure-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "newsletters",
            "vendor": "tribulant",
            "versions": [
              {
                "lessThanOrEqual": "4.9.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32953",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T13:41:19.968497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T15:35:22.227Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "newsletters-lite",
          "product": "Newsletters",
          "versions": [
            {
              "changes": [
                {
                  "at": "4.9.6",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "4.9.5",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Peng Zhou (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information into Log File vulnerability in Newsletters.\u003cp\u003eThis issue affects Newsletters: from n/a through 4.9.5.\u003c/p\u003e"
            }
          ],
          "value": "Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:42.306Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-5-sensitive-data-exposure-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 4.9.6 or a higher version."
            }
          ],
          "value": "Update to 4.9.6 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Newsletters plugin \u003c= 4.9.5 - Sensitive Data Exposure vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-32953",
    "datePublished": "2024-04-24T07:36:06.123Z",
    "dateReserved": "2024-04-22T10:41:46.933Z",
    "dateUpdated": "2026-04-28T16:09:42.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-32811 (GCVE-0-2024-32811)

Vulnerability from cvelistv5 – Published: 2024-06-09 12:44 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Vendor Product Version
Octolize USPS Shipping for WooCommerce – Live Rates Affected: n/a , ≤ 1.9.4 (custom)
Create a notification for this product.
octolize usps_shipping_for_woocommerce-live_rates Affected: 0 , ≤ 1.9.4 (custom)
    cpe:2.3:a:octolize:usps_shipping_for_woocommerce-live_rates:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Joshua Chan (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:octolize:usps_shipping_for_woocommerce-live_rates:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "usps_shipping_for_woocommerce-live_rates",
            "vendor": "octolize",
            "versions": [
              {
                "lessThanOrEqual": "1.9.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32811",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T15:15:06.159161Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T15:16:48.946Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:20:35.654Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/flexible-shipping-usps/wordpress-usps-shipping-for-woocommerce-live-rates-plugin-1-9-4-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "flexible-shipping-usps",
          "product": "USPS Shipping for WooCommerce \u2013 Live Rates",
          "vendor": "Octolize",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.10.0",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.9.4",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Joshua Chan (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce \u2013 Live Rates.\u003cp\u003eThis issue affects USPS Shipping for WooCommerce \u2013 Live Rates: from n/a through 1.9.4.\u003c/p\u003e"
            }
          ],
          "value": "Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce \u2013 Live Rates.This issue affects USPS Shipping for WooCommerce \u2013 Live Rates: from n/a through 1.9.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:40.983Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/flexible-shipping-usps/wordpress-usps-shipping-for-woocommerce-live-rates-plugin-1-9-4-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 1.10.0 or a higher version."
            }
          ],
          "value": "Update to 1.10.0 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress USPS Shipping for WooCommerce \u2013 Live Rates plugin \u003c= 1.9.4 - Sensitive Data Exposure via Log File vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-32811",
    "datePublished": "2024-06-09T12:44:39.133Z",
    "dateReserved": "2024-04-18T10:16:31.361Z",
    "dateUpdated": "2026-04-28T16:09:40.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-32788 (GCVE-0-2024-32788)

Vulnerability from cvelistv5 – Published: 2024-04-24 07:46 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress FG Joomla to Wordpress plugin <= 4.20.2 - Sensitive Data Exposure via Log File vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Vendor Product Version
Frédéric GILLES FG Joomla to WordPress Affected: n/a , ≤ 4.20.2 (custom)
Create a notification for this product.
Credits
Yudistira Arya (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32788",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T16:18:01.318892Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:51:31.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:20:35.502Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-20-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "fg-joomla-to-wordpress",
          "product": "FG Joomla to WordPress",
          "vendor": "Fr\u00e9d\u00e9ric GILLES",
          "versions": [
            {
              "changes": [
                {
                  "at": "4.21.0",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "4.20.2",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Yudistira Arya (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information into Log File vulnerability in Fr\u00e9d\u00e9ric GILLES FG Joomla to WordPress.\u003cp\u003eThis issue affects FG Joomla to WordPress: from n/a through 4.20.2.\u003c/p\u003e"
            }
          ],
          "value": "Insertion of Sensitive Information into Log File vulnerability in Fr\u00e9d\u00e9ric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:40.412Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-20-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 4.21.0 or a higher version."
            }
          ],
          "value": "Update to 4.21.0 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress FG Joomla to Wordpress plugin \u003c= 4.20.2 - Sensitive Data Exposure via Log File vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-32788",
    "datePublished": "2024-04-24T07:46:09.737Z",
    "dateReserved": "2024-04-18T09:15:22.752Z",
    "dateUpdated": "2026-04-28T16:09:40.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-32757 (GCVE-0-2024-32757)

Vulnerability from cvelistv5 – Published: 2024-07-02 14:02 – Updated: 2024-08-02 02:20
VLAI
Title
American Dynamics Illustra Essentials Gen 4 - Linux Credential Leak
Summary
Under certain circumstances unnecessary user details are provided within system logs
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
jci
Impacted products
Vendor Product Version
Johnson Controls American Dynamics Illustra Essentials Gen 4 Unaffected: 0 , ≤ Illustra.Ess4.01.02.10.5982 (custom)
Create a notification for this product.
johnsoncontrols illustra_essential_gen_4_firmware Affected: 0 , < Illustra.Ess4.01.02.13.6953 (custom)
    cpe:2.3:o:johnsoncontrols:illustra_essential_gen_4_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-27 16:00
Credits
Sam Hanson of Dragos
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:johnsoncontrols:illustra_essential_gen_4_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "illustra_essential_gen_4_firmware",
            "vendor": "johnsoncontrols",
            "versions": [
              {
                "lessThan": "Illustra.Ess4.01.02.13.6953",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-03T13:52:39.937857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-03T13:52:43.347Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:20:35.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "American Dynamics Illustra Essentials Gen 4",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThanOrEqual": "Illustra.Ess4.01.02.10.5982",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sam Hanson of Dragos"
        }
      ],
      "datePublic": "2024-06-27T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnder certain circumstances unnecessary user details are provided within system logs\u003c/span\u003e"
            }
          ],
          "value": "Under certain circumstances unnecessary user details are provided within system logs"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-653",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-653: Use of Known Operating System Credentials"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532: Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-12T11:52:43.770Z",
        "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "shortName": "jci"
      },
      "references": [
        {
          "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-06"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgba(9, 30, 66, 0.06);\"\u003eUpdate firmware to Illustra.Ess4.01.02.13.6953\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Update firmware to Illustra.Ess4.01.02.13.6953"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "American Dynamics Illustra Essentials Gen 4 - Linux Credential Leak",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
    "assignerShortName": "jci",
    "cveId": "CVE-2024-32757",
    "datePublished": "2024-07-02T14:02:15.247Z",
    "dateReserved": "2024-04-17T17:26:35.181Z",
    "dateUpdated": "2024-08-02T02:20:35.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-32686 (GCVE-0-2024-32686)

Vulnerability from cvelistv5 – Published: 2024-04-18 10:31 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Backup Migration plugin <= 1.4.3 - Sensitive Data Exposure via Log vulnerability
Summary
Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.This issue affects Backup Migration: from n/a through 1.4.3.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Vendor Product Version
Inisev Backup Migration Affected: n/a , ≤ 1.4.3 (custom)
Create a notification for this product.
Credits
emad (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32686",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-18T15:36:32.221372Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:52:10.371Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:20:34.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/backup-backup/wordpress-backup-migration-plugin-1-4-3-sensitive-data-exposure-via-log-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "backup-backup",
          "product": "Backup Migration",
          "vendor": "Inisev",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.4.4",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.4.3",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "emad (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.\u003cp\u003eThis issue affects Backup Migration: from n/a through 1.4.3.\u003c/p\u003e"
            }
          ],
          "value": "Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.This issue affects Backup Migration: from n/a through 1.4.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:39.047Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/backup-backup/wordpress-backup-migration-plugin-1-4-3-sensitive-data-exposure-via-log-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 1.4.4 or a higher version."
            }
          ],
          "value": "Update to 1.4.4 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Backup Migration plugin \u003c= 1.4.3 - Sensitive Data Exposure via Log vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-32686",
    "datePublished": "2024-04-18T10:31:38.641Z",
    "dateReserved": "2024-04-17T08:55:51.661Z",
    "dateUpdated": "2026-04-28T16:09:39.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.