CVE-2024-32825
Published 2024-04-24
Priority P3 · 50 · high · 7.5 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.02% (78.5th percentile)
Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static. This issue affects Simply Static: from n/a through <= 3.1.3.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simply_static | simply_static | <= 3.1.3 | — |
Detection & IOCs
- Probe for unauthenticated directory listing at the Simply Static upload path; a 200 response containing both 'Index of' and 'debug.txt' confirms exposure of log files.
- Exploit requires no specific privileges: the vulnerable log files are accessible unauthenticated via direct HTTP GET requests.
- Identify vulnerable Simply Static installations on WordPress sites by searching for the plugin path '/wp-content/plugins/simply-static/' (e.g., via PublicWWW or web crawl).
- Vulnerability affects Simply Static versions from n/a through 3.1.3 inclusive; versions beyond 3.1.3 (patched in changeset 3025775) are not affected.
No detection rules found.
Nuclei
Simply Static - Information Disclosure
Patrick Posner Simply Static versions up to 3.1.3 contain a vulnerability for insertion of sensitive information into log files caused by improper handling of log data, letting attackers potentially access sensitive information, exploit requires no specific privileges.
Template:
```yaml
id: CVE-2024-32825

info:
  name: Simply Static - Information Disclosure
  author: pussycat0x
  severity: medium
  description: |
    Patrick Posner Simply Static versions up to 3.1.3 contain a vulnerability for insertion of sensitive information into log files caused by improper handling of log data, letting attackers potentially access sensitive information, exploit requires no specific privileges.
  impact: |
    Attackers can access sensitive information stored in log files, leading to i
```
No writeups or analysis indexed.
- https://patchstack.com/database/Wordpress/Plugin/simply-static/vulnerability/wordpress-simply-static-plugin-3-1-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/simply-static/wordpress-simply-static-plugin-3-1-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve