CVE-2024-13638
Published: 28 February 2025
Description
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments added to orders.
Security Summary
CVE-2024-13638 is a sensitive information exposure vulnerability (CWE-200) affecting the Order Attachments for WooCommerce plugin for WordPress in all versions up to and including 2.5.1. The issue stems from insecure storage of sensitive data in the /wp-content/uploads directory, where file attachments added to orders are placed without proper access controls via the plugin's 'uploads' directory handling. It has a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact but requiring high attack complexity.
Unauthenticated attackers can exploit this vulnerability remotely over the network without user interaction or privileges. By accessing the exposed uploads directory, they can extract sensitive data such as order-related file attachments stored insecurely, potentially leading to disclosure of customer or business information contained in those files.
Advisories reference source code locations in the plugin's Attachment.php and Ajax.php files, as well as Wordfence threat intelligence detailing the vulnerability (ID: 7e98b1ef-70dd-408d-8644-08933bca1cdd). No specific patch or mitigation details are outlined in the provided references beyond identifying the insecure storage mechanism.
Details
- CWE(s)