WordPress Plugin Vulnerabilities

PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure

Description

The plugin automatically creates publicly-accessible log files containing sensitive information when transactions occur.

Proof of Concept

Affects Plugins

Plugin icon
payhere-payment-gateway
Fixed in 2.2.12

References

CVE
CVE-2023-6064

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Supun Halangoda
Submitter
Supun Halangoda
Submitter website
https://supunhalangoda.com
Submitter twitter
suppaboy
Verified
Yes
WPVDB ID
423c8881-628b-4380-9677-65b3f5165efe

Timeline

Publicly Published
2023-12-07 (about 2 years ago)
Added
2023-12-08 (about 2 years ago)
Last Updated
2023-12-08 (about 2 years ago)

Other

Published
Title
Published
2023-10-18
Title
Popup by Supsystic < 1.10.20 - Missing Authorization to Sensitive Information Exposure
Published
2024-05-03
Title
Robo Gallery < 3.2.19 - Unauthenticated Information Exposure
Published
2023-09-08
Title
EWWW Image Optimizer < 7.2.1 - Sensitive Information Exposure
Published
2025-09-26
Title
The Tribal < 1.3.4 - Unauthenticated Sensitive Information Exposure
Published
2024-05-07
Title
Ghost < 1.5.0 - Unauthenticated Sensitive Information Exposure