Insertion of Sensitive Information into Log File vulnerability
CVE-2024-25095

7.5HIGH

Key Information:

Vendor: WordPress
Status: Easy Forms For Mailchimp
Vendor: CVE Published:; 4 June 2024

Summary

The vulnerability allows for the insertion of sensitive information into log files within Easy Forms for Mailchimp. This issue can lead to unintentional disclosure of personal data, potentially exacerbating privacy and security risks for users. The affected versions include all up to 6.9.0. It is crucial for administrators and users to apply necessary updates and restrict access to sensitive logs to mitigate potential exposure.

Affected Version(s)

Easy Forms for Mailchimp <= 6.9.0

References

https://patchstack.com/database/vulnerability/yikes-inc-e...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 4, 2024

Credit

Joshua Chan (Patchstack Alliance)