Vulnerability Details CVE-2024-10285
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.6%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2024-10285
-
cpe:2.3:a:ce21:ce21_suite:-
-
cpe:2.3:a:ce21:ce21_suite:2.1.1
-
cpe:2.3:a:ce21:ce21_suite:2.1.2
-
cpe:2.3:a:ce21:ce21_suite:2.1.3
-
cpe:2.3:a:ce21:ce21_suite:2.1.4
-
cpe:2.3:a:ce21:ce21_suite:2.1.5
-
cpe:2.3:a:ce21:ce21_suite:2.1.6
-
cpe:2.3:a:ce21:ce21_suite:2.1.7
-
cpe:2.3:a:ce21:ce21_suite:2.1.8
-
cpe:2.3:a:ce21:ce21_suite:2.1.9
-
cpe:2.3:a:ce21:ce21_suite:2.2.0