CVE-2025-24556
Published: 03 February 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-24556 is an Insertion of Sensitive Information into Log File vulnerability (CWE-532) in the DualCube MooWoodle WordPress plugin. The flaw allows attackers to retrieve embedded sensitive data from log files. It affects all versions of MooWoodle from n/a through 3.2.4 and was published on 2025-02-03.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating it can be exploited over the network by unauthenticated attackers with low attack complexity and no user interaction required. Successful exploitation enables retrieval of sensitive data embedded in log files, leading to high confidentiality impact without affecting integrity or availability.
Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/moowoodle/vulnerability/wordpress-moowoodle-plugin-3-2-4-sensitive-data-exposure-vulnerability?_s_id=cve.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability in public-facing WordPress plugin enables unauthenticated network exploitation (T1190) and direct retrieval of sensitive data from local log files (T1005).