Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrw_log" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also allows an attacker to create or overwrite shipping labels.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2024-07-04T12:52:15.521Z
Updated: 2024-08-01T21:41:03.535Z
Reserved: 2024-07-04T10:08:19.529Z
Link: CVE-2024-6506
Vulnrichment
Updated: 2024-08-01T21:41:03.535Z
NVD
Status : Awaiting Analysis
Published: 2024-07-04T13:15:10.240
Modified: 2024-07-05T12:55:51.367
Link: CVE-2024-6506
Redhat
No data.