CVE-2024-13641

Medium CVSS: 5.9

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/attachment directory which can contain file attachments for order refunds.

Vendor

Wpswings

Product

Return Refund And Exchange For Woocommerce

CWE

CWE-200

Yayın Tarihi

2025-02-14 06:15:19

Güncelleme

2025-02-25 19:39:47

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-200 Return Refund And Exchange For Woocommerce MEDIUM Wpswings 2025

Referanslar

https://plugins.trac.wordpress.org/browser/woo-refund-and-exchange-lite/trunk/common/class-woo-refund-and-exchange-lite-common.php#L127 https://plugins.trac.wordpress.org/changeset/3236486/ https://www.wordfence.com/threat-intel/vulnerabilities/id/5f88a21d-28a9-4c91-9bf9-6b69f6a420e8?source=cve

Benzer Kayıtlar

Medium

CVE-2025-5103

The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'defau…

Medium

CVE-2024-13724

The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for Wor…

Medium

CVE-2024-13682

The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for Wor…

Critical

CVE-2024-8425

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file…

Medium

CVE-2024-13692

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Feature…