PT-2024-37676 · Unknown · Mrw Plugin

Jesús Higueras · Published 2024-07-04 · Updated 2024-07-08 · CVE-2024-6506

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions

MRW plugin version 5.4.3

Description

The issue is an information exposure vulnerability affecting the "mrw log" functionality. This could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. The vulnerability also allows an attacker to create or overwrite shipping labels.

Recommendations

For MRW plugin version 5.4.3, consider disabling the "mrw log" functionality until a patch is available. Restrict access to sensitive customer information to minimize the risk of exploitation. Avoid using the affected functionality to prevent potential data breaches. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-6506

Affected Products

Mrw Plugin