CVE-2024-7870

4 Sep 2024

Título es

CVE-2024-7870

Mié, 04/09/2024 – 09:15

Tipo

CWE-287

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-7870

Descripción en

The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.

04/09/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/WordpressPluginDirectory/pixelyoursite/blob/main/pixelyoursite/includes/logger/class-pys-logger.php#L126

https://plugins.trac.wordpress.org/browser/pixelyoursite/trunk/includes/class-pys.php#L114

https://plugins.trac.wordpress.org/changeset/3143047/

https://www.wordfence.com/threat-intel/vulnerabilities/id/7fd7a515-6389-4152-8dac-d5497dd94f6d?source=cve