CVE-2024-13818 Information
Feb 22, 2025
cve
Description
The Registration Forms – User Registration Forms Invitation-Based Registrations Front-end User Profile Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 3.8.3.9 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Reference
https://plugins.trac.wordpress.org/browser/pie-register/trunk/classes/base_variables.php#L68 https://www.wordfence.com/threat-intel/vulnerabilities/id/768730c1-a70e-432d-a234-4ce2b8aec424?source=cve
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
NONE
Base Severity
5.3
Share on: