PT-2024-27169 · WordPress · Wp Staging Pro+1

Haidv35 · Published 2024-04-26 · Updated 2024-04-26 · CVE-2024-3682

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WP STAGING versions up to 3.4.3
WP STAGING Pro versions up to 5.4.3

Description

The issue allows unauthenticated attackers to extract sensitive data from a log file, including system information and license keys, via the ajaxSendReport function. This is possible when an administrator has used the 'Contact Us' functionality along with the option to automatically submit log files.

Recommendations

For WP STAGING versions up to 3.4.3, update to a version later than 3.4.3 to resolve the issue. For WP STAGING Pro versions up to 5.4.3, update to a version later than 5.4.3 to resolve the issue. As a temporary workaround, consider disabling the ajaxSendReport function until a patch is available.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-3682

Affected Products

Wp Staging
Wp Staging Pro