CVE-2024-32825
published 2024-04-24


Priority: P3 (50), high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.02% (78.5th percentile)
Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static. This issue affects Simply Static: from n/a through <= 3.1.3.

Affected

1 range
Vendor | Product | Version range | Fixed in
simply_static | simply_static | <= 3.1.3 |

Detection & IOCs (extracted from sources)

path: /wp-content/uploads/simply-static/
path: /wp-content/plugins/simply-static/
filename: debug.txt
filename: [0-9a-z]+-debug.txt
  • Probe for unauthenticated directory listing at the Simply Static upload path; a 200 response containing both 'Index of' and 'debug.txt' confirms exposure of log files.
  • Exploit requires no specific privileges — the vulnerable log files are accessible unauthenticated via direct HTTP GET requests.
  • Identify vulnerable Simply Static installations on WordPress sites by searching for the plugin path '/wp-content/plugins/simply-static/' (e.g., via PublicWWW or web crawl).
  • Vulnerability affects Simply Static versions from n/a through 3.1.3 inclusive; versions beyond 3.1.3 (patched in changeset 3025775) are not affected.