{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12159", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-12-04T14:22:34.700Z", "datePublished": "2025-01-07T04:22:19.794Z", "dateUpdated": "2025-01-07T16:19:30.253Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-01-07T04:22:19.794Z"}, "affected": [{"vendor": "muzaara", "product": "Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \u2013 Google Adwords", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "3.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \u2013 Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to extract sensitive configuration data that can be leveraged in another attack."}], "title": "Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \u2013 Google Adwords <= 3.1 - Information Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfeca343-c796-45d5-a71d-8211d8b38b3e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/muzaara-adwords-optimize-dashboard/trunk/lib/muzaara/lib/google-ads-php/scripts/print_php_information.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Joshua Chan"}], "timeline": [{"time": "2025-01-06T16:05:34.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-07T15:55:45.536579Z", "id": "CVE-2024-12159", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-07T16:19:30.253Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12159", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-07T15:55:45.536579Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-07T15:55:46.890Z"}}], "cna": {"title": "Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \u2013 Google Adwords <= 3.1 - Information Exposure", "credits": [{"lang": "en", "type": "finder", "value": "Joshua Chan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "muzaara", "product": "Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \u2013 Google Adwords", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-01-06T16:05:34.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfeca343-c796-45d5-a71d-8211d8b38b3e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/muzaara-adwords-optimize-dashboard/trunk/lib/muzaara/lib/google-ads-php/scripts/print_php_information.php"}], "descriptions": [{"lang": "en", "value": "The Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \u2013 Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to extract sensitive configuration data that can be leveraged in another attack."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-01-07T04:22:19.794Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12159", "state": "PUBLISHED", "dateUpdated": "2025-01-07T16:19:30.253Z", "dateReserved": "2024-12-04T14:22:34.700Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-01-07T04:22:19.794Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \u2013 Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to extract sensitive configuration data that can be leveraged in another attack."}], "id": "CVE-2024-12159", "lastModified": "2025-01-07T05:15:15.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-01-07T05:15:15.527", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/muzaara-adwords-optimize-dashboard/trunk/lib/muzaara/lib/google-ads-php/scripts/print_php_information.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfeca343-c796-45d5-a71d-8211d8b38b3e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}