The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.
History

Tue, 12 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Ce21
Ce21 ce21-suite
CPEs cpe:2.3:a:ce21:ce21-suite:*:*:*:*:*:*:*:*
Vendors & Products Ce21
Ce21 ce21-suite
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 09 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
Description The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.
Title CE21 Suite <= 2.2.0 - JWT Token Disclosure
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-11-09T02:32:01.740Z

Updated: 2024-11-12T17:11:06.632Z

Reserved: 2024-10-23T07:28:24.003Z

Link: CVE-2024-10285

cve-icon Vulnrichment

Updated: 2024-11-12T17:11:00.629Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-09T03:15:04.410

Modified: 2024-11-12T13:56:54.483

Link: CVE-2024-10285

cve-icon Redhat

No data.