WordPress Plugin Vulnerabilities

Wallet System for WooCommerce < 2.5.14 - Information Exposure via Log Files

Description

The Wallet System for WooCommerce – Wallet, Digital Wallet, Cashback, Recharge User Wallets, Partial Payments, Wallet restriction, Refunds plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.13 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.

Affects Plugins

Plugin icon
wallet-system-for-woocommerce
Fixed in 2.5.14

References

CVE
CVE-2024-38699
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/19f8a656-696c-4e4f-a0a6-c71010a1ee12

Miscellaneous

Original Researcher
Joshua Chan
Verified
No
WPVDB ID
9ea04bb3-aa3f-47b2-bc0f-60f4ba39041b

Timeline

Publicly Published
2024-07-11 (about 1 year ago)
Added
2024-07-17 (about 1 year ago)
Last Updated
2024-07-17 (about 1 year ago)

Other

Published
Title
Published
2014-08-01
Title
Zingiri Web Shop 2.6.4 - mform.php Unspecified Issue
Published
2024-04-05
Title
s2Member < 240325 - Limited Privilege Escalation
Published
2014-09-17
Title
FormCraft <= 2.0.5 - Arbitrary File Deletion
Published
2026-02-25
Title
User Registration & Membership < 5.1.3 - Authentication Bypass
Published
2014-08-01
Title
Site5 Wordpress Themes Email Spoofing