CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32811 – WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-32811
Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4. Vulnerabilidad de inserción de información confidencial en el archivo de registro en Octolize USPS Shipping for WooCommerce – Live Rates. Este problema afecta a USPS Shipping for WooCommerce – Live Rates: desde n/a hasta 1.9.4. The USPS Shipping for WooCommerce – Live Rates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.4 via log files. This makes it possible for unauthenticated users to extract potentially sensitive information from log files. • https://patchstack.com/database/vulnerability/flexible-shipping-usps/wordpress-usps-shipping-for-woocommerce-live-rates-plugin-1-9-4-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31943 – WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31943
Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2. The USPS Shipping for WooCommerce – Live Rates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown. • https://patchstack.com/database/vulnerability/flexible-shipping-usps/wordpress-usps-shipping-for-woocommerce-plugin-1-9-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •