CVE-2024-13925

{"id": "CVE-2024-13925", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-04-17T06:15:43.590", "references": [{"url": "https://wpscan.com/vulnerability/6aebb52f-d74a-4043-86c4-c24579f24ef4/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumption of disk space, potentially filling the entire disk."}, {"lang": "es", "value": "El complemento Klarna Checkout para WooCommerce de WordPress anterior a la versi\u00f3n 2.13.5 expone un endpoint Ajax de WooCommerce no autenticado que permite a un atacante inundar los archivos de registro con datos del tama\u00f1o m\u00e1ximo permitido para un par\u00e1metro POST por solicitud. Esto puede provocar un consumo r\u00e1pido de espacio en disco, llegando incluso a llenarlo por completo."}], "lastModified": "2025-04-29T19:09:09.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:klarna:klarna_checkout_for_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "45185EB1-9A55-4BD2-BB2C-FFF6B4E15EAA", "versionEndExcluding": "2.13.5"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}