Insertion of Sensitive Information into Log File Vulnerability
CVE-2024-31247

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Fg Drupal To WordPress
Vendor: CVE Published:; 10 April 2024

What is CVE-2024-31247?

A vulnerability exists in the FG Drupal to WordPress plugin, where sensitive information can be inadvertently logged into files. This may lead to unauthorized exposure of sensitive data, placing website security at risk. It is crucial for users running versions up to 3.70.3 to take immediate precautions to review their logging practices and implement necessary updates or mitigations to secure their WordPress sites against this type of data exposure.

Affected Version(s)

FG Drupal to WordPress <= 3.70.3

References

https://patchstack.com/database/vulnerability/fg-drupal-t...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Mar 29, 2024

Credit

Yudistira Arya (Patchstack Alliance)

Wordpress

What is CVE-2024-31247?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit