CVE-2024-13525

{"id": "CVE-2024-13525", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-02-15T09:15:08.833", "references": [{"url": "https://plugins.trac.wordpress.org/browser/emails-verification-for-woocommerce/tags/2.9.2/includes/class-alg-wc-ev-core.php#L990", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3232261%40emails-verification-for-woocommerce%2Ftrunk&old=3230854%40emails-verification-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a63a41d1-b9b0-43a9-a6e0-761f3b8d9d4a?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including emails as well as hashed passwords of any user."}, {"lang": "es", "value": "El complemento Customer Email Verification for WooCommerce para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 2.9.4 incluida a trav\u00e9s de un c\u00f3digo corto. Esto permite que atacantes autenticados, con acceso de nivel de colaborador o superior, extraigan datos confidenciales, incluidos correos electr\u00f3nicos y contrase\u00f1as cifradas de cualquier usuario."}], "lastModified": "2025-02-24T17:10:47.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpfactory:customer_email_verification_for_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CE375DC5-2869-4F4E-B9E9-DB8C4894FF69", "versionEndExcluding": "2.9.5"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}