← Voltar para CVEs
CVE-2024-7870
MEDIUM6.5
Descricao
The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.
Detalhes CVE
Pontuacao CVSS v3.16.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado9/4/2024
Ultima modificacao10/7/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
pixelyoursite:pixelyoursite
Fraquezas (CWE)
CWE-287
Referencias
https://github.com/WordpressPluginDirectory/pixelyoursite/blob/main/pixelyoursite/includes/logger/class-pys-logger.php#L126(security@wordfence.com)
https://plugins.trac.wordpress.org/browser/pixelyoursite/trunk/includes/class-pys.php#L114(security@wordfence.com)
https://plugins.trac.wordpress.org/changeset/3143047/(security@wordfence.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.