How severe is CVE-2024-2302?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-2302?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2024-2302

MEDIUM Year: 2024

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-532

View all →

Vulnerability Description

The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.

CVE-2015-1343

MEDIUM

CVSS:5.3(Medium)

All versions of unity-scope-gdrive logs search terms to syslog.

CWE-5322015

CVE-2017-1198

MEDIUM

CVSS:5.3(Medium)

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs vi...

CWE-5322017

CVE-2017-17675

MEDIUM

CVSS:5.3(Medium)

BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names a...

CWE-5322017

CVE-2018-10889

MEDIUM

CVSS:5.3(Medium)

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.

CWE-5322018