WordPress Plugin Vulnerabilities

Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More < 13.3.2 - Sensitive Information Exposure via Log Files

Description

The Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 13.3.1 via log files. This makes it possible for unauthenticated attackers to view potentially sensitive information from log files.

Affects Plugins

Plugin icon
woo-product-feed-pro
Fixed in 13.3.2

References

CVE
CVE-2024-32513
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c6edff9f-9876-4824-b057-8acbda861ffa

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
beluga
Verified
No
WPVDB ID
262691f2-b967-4251-892b-08d9c5ac8aa2

Timeline

Publicly Published
2024-04-15 (about 2 years ago)
Added
2024-04-24 (about 2 years ago)
Last Updated
2024-04-24 (about 2 years ago)

Other

Published
Title
Published
2019-07-17
Title
Coming Soon Page & Maintenance Mode < 1.8.2 - Arbitrary Settings Reset
Published
2021-11-03
Title
Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Options Reset
Published
2024-01-16
Title
User Profile Builder < 3.10.9 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update
Published
2021-08-26
Title
Woffice < 4.0.2 - Unauthenticated Disclosure of Notification Titles
Published
2024-02-16
Title
My Private Site < 3.1.0 - Improper Access Control to Sensitive Information Exposure via REST API