Insertion of Sensitive Information into Log File vulnerability
CVE-2023-44989

7.5HIGH

Key Information:

Vendor: WordPress
Status: Cf7 Google Sheets Connector
Vendor: CVE Published:; 26 March 2024

Summary

A vulnerability has been identified in the CF7 Google Sheets Connector which allows the insertion of sensitive information into log files. This security flaw could potentially expose sensitive user data to unauthorized access, as it does not properly protect debug logs from disclosing confidential information. Affected versions include all releases up to and including 5.0.5. Users are encouraged to review their logging configurations and update to a more secure version of the plugin to mitigate the risks associated with this exposure.

Affected Version(s)

CF7 Google Sheets Connector <= 5.0.5

References

https://patchstack.com/database/vulnerability/cf7-google-...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Oct 2, 2023

Credit

Joshua Chan (Patchstack Alliance)