Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-31298

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-10 Apr, 2024 | 15:34
Updated At-02 Aug, 2024 | 01:52
Rejected At-
Credits

WordPress User Spam Remover plugin <= 1.0 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:10 Apr, 2024 | 15:34
Updated At:02 Aug, 2024 | 01:52
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress User Spam Remover plugin <= 1.0 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0.

Affected Products
Vendor
Joel Hardi
Product
User Spam Remover
Collection URL
https://wordpress.org/plugins
Package Name
user-spam-remover
Default Status
unaffected
Versions
Affected
  • From n/a through 1.0 (custom)
    • -> unaffectedfrom1.1
Problem Types
TypeCWE IDDescription
CWECWE-532CWE-532 Insertion of Sensitive Information into Log File
Type: CWE
CWE ID: CWE-532
Description: CWE-532 Insertion of Sensitive Information into Log File
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to 1.1 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Joshua Chan (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/user-spam-remover/wordpress-user-spam-remover-plugin-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/user-spam-remover/wordpress-user-spam-remover-plugin-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/user-spam-remover/wordpress-user-spam-remover-plugin-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/user-spam-remover/wordpress-user-spam-remover-plugin-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:10 Apr, 2024 | 16:15
Updated At:10 Apr, 2024 | 19:49

Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-532Primaryaudit@patchstack.com
CWE ID: CWE-532
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/user-spam-remover/wordpress-user-spam-remover-plugin-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/user-spam-remover/wordpress-user-spam-remover-plugin-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

63Records found
CVE-2024-2302
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.98% / 75.86%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 18:58
Updated-07 Feb, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.

Action-Not Available
Vendor-Sandhills Development, LLC (EasyDigitalDownloads)Awesome Motive Inc.
Product-easy_digital_downloadsEasy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)easy_digital_downloads
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-52146
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.94%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 11:05
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 404 Solution Plugin <= 2.33.0 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.

Action-Not Available
Vendor-Aaron J
Product-404_solution404 Solution
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-6687
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.34%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 01:59
Updated-23 Nov, 2024 | 00:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CTT Expresso para WooCommerce <= 3.2.12 - Information Exposure via Unprotected Directory

The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses

Action-Not Available
Vendor-thisfunctionallimpinhothisfunctional
Product-ctt_expresso_para_woocommerceCTT Expresso para WooCommercectt_expresso_para_woocommerce
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-43887
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.64%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 20:27
Updated-17 Apr, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics information disclosure

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analyticsCognos Analytics
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-41618
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-3.7||LOW
EPSS-0.23% / 45.78%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 22:29
Updated-20 Feb, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Media Library Assistant plugin <= 3.00 - Unauthenticated Error Log Disclosure vulnerability

Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.

Action-Not Available
Vendor-davidlingrenDavid Lingren
Product-media_library_assistantMedia Library Assistant (WordPress plugin)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-40979
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-4.4||MEDIUM
EPSS-0.00% / 0.16%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 10:50
Updated-03 Aug, 2024 | 12:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-17675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 54.99%
||
7 Day CHG~0.00%
Published-19 May, 2021 | 13:11
Updated-05 Aug, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.

Action-Not Available
Vendor-bmcn/a
Product-remedy_mid-tiern/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-39046
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.60%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

Action-Not Available
Vendor-n/aNetApp, Inc.GNU
Product-h500sontap_select_deploy_administration_utilityh410s_firmwareh700s_firmwareh500s_firmwareh300s_firmwareh410c_firmwareglibch410sh410ch300sh700sn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-37205
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 39.11%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 17:50
Updated-02 Aug, 2024 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress affiliate-toolkit plugin <= 3.4.4 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions.This issue affects affiliate-toolkit: from n/a through 3.4.4.

Action-Not Available
Vendor-SERVIT Software Solutionsservit
Product-affiliate-toolkitaffiliate-toolkit
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-34798
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.44%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:21
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Debug Log – Manger Tool plugin <= 1.4.5 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Log File vulnerability in Lukman Nakib Debug Log – Manger Tool.This issue affects Debug Log – Manger Tool: from n/a through 1.4.5.

Action-Not Available
Vendor-Lukman Nakib
Product-Debug Log – Manger Tool
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-30733
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.21% / 44.12%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 18:15
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-accountSamsung Account
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-34550
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 54.17%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 12:10
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dynamics 365 Integration plugin <= 1.3.17 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17.

Action-Not Available
Vendor-AlexaCRM
Product-Dynamics 365 Integration
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-32811
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.44%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:44
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4.

Action-Not Available
Vendor-Octolizeoctolize
Product-USPS Shipping for WooCommerce – Live Ratesusps_shipping_for_woocommerce-live_rates
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
  • Previous
  • 1
  • 2
  • Next
Details not found