Insertion of Sensitive Information into Log File vulnerability
CVE-2024-31245

7.5HIGH

Key Information:

Vendor: WordPress
Status: Convertkit
Vendor: CVE Published:; 10 April 2024

Summary

A vulnerability has been identified in ConvertKit where sensitive information can be inadvertently inserted into log files. This flaw poses risks by exposing private data during the logging process, potentially allowing unauthorized access to sensitive user information. Affected versions are from n/a through 2.4.5.

Affected Version(s)

ConvertKit <= 2.4.5

References

https://patchstack.com/database/vulnerability/convertkit/...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Mar 29, 2024

Credit

Joshua Chan (Patchstack Alliance)