PT-2024-16157 · WordPress · Ce21 Suite
István Márton · Published 2024-11-08 · Updated 2025-01-29
CVE-2024-10285
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CE21 Suite plugin for WordPress versions up to, and including, 2.2.0
Description
The CE21 Suite plugin for WordPress has a sensitive information disclosure issue via the plugin-log.txt file. This allows unauthenticated attackers to access sensitive information, potentially compromising user JWT tokens and enabling them to log in as the user associated with the token.
Recommendations
For CE21 Suite plugin for WordPress versions up to, and including, 2.2.0:
As a temporary workaround, consider restricting access to the plugin-log.txt file until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
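A defender-side triage sketch for the exposure described above, added here and not taken from the advisory or the plugin: it finds plugin-log.txt files under a directory you own and reports which JWT subjects appear in them and whether each token is still unexpired, without printing the tokens. The log line format, the use of the standard `sub` and `exp` claims, and all function names are assumptions.

```python
import base64, hashlib, json, re, time
from pathlib import Path

LOG_NAME = "plugin-log.txt"  # file name given in the advisory
# A compact JWT is three base64url segments; a JSON-object header encodes to "eyJ...".
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

def _b64url(obj):
    """Encode a dict as an unpadded base64url segment (only used to build sample data)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def find_tokens(text, now=None):
    """Return one record per distinct JWT in text, never echoing the token itself."""
    now = time.time() if now is None else now
    records = []
    for tok in dict.fromkeys(JWT_RE.findall(text)):  # de-duplicate, keep first-seen order
        payload = tok.split(".")[1]
        try:
            claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
        except ValueError:  # bad base64, bad UTF-8 or bad JSON: not a JWT
            continue
        if not isinstance(claims, dict):
            continue
        exp = claims.get("exp")
        records.append({
            "subject": claims.get("sub"),
            "expires": exp,
            # Without a numeric "exp" claim the token does not expire on its own.
            "live": not isinstance(exp, (int, float)) or exp > now,
            "fingerprint": hashlib.sha256(tok.encode()).hexdigest()[:12],
        })
    return records

def scan_tree(root, now=None):
    """Map every plugin-log.txt under root to the token records found in it."""
    return {str(p): find_tokens(p.read_text(errors="replace"), now)
            for p in Path(root).rglob(LOG_NAME) if p.is_file()}

def _sample_token(claims):
    return ".".join([_b64url({"alg": "HS256", "typ": "JWT"}), _b64url(claims), "c2ln"])

# Constructed sample lines; the plugin's real log format is not shown in the advisory.
SAMPLE_LOG = "\n".join([
    "[2024-11-01 10:00:00] login token=" + _sample_token({"sub": "alice", "exp": 1700000000}),
    "[2024-11-01 10:05:00] login token=" + _sample_token({"sub": "bob", "exp": 4102444800}),
    "[2024-11-01 10:06:00] sync done, ref=eyJx.not.a-token",
])
```

Run `scan_tree()` against the site's document root; any record with `live` set to true is a logged token that has not yet expired.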
Weakness Enumeration
Related Identifiers
Affected Products
Ce21 Suite