Vulnerabilites related to Importify - Importify (Dropshipping WooCommerce)
CVE-2023-49194 (GCVE-0-2023-49194)
Vulnerability from cvelistv5
Published
2024-12-09 11:30
Modified
2024-12-09 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-215 - Insertion of Sensitive Information Into Debugging Code
Summary
Insertion of Sensitive Information Into Debugging Code vulnerability in Importify Importify (Dropshipping WooCommerce) allows Retrieve Embedded Sensitive Data.This issue affects Importify (Dropshipping WooCommerce): from n/a through 1.0.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Importify | Importify (Dropshipping WooCommerce) |
Version: n/a < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:woocommerce:dropshipping:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dropshipping",
"vendor": "woocommerce",
"versions": [
{
"lessThanOrEqual": "1.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T16:37:13.416378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T16:38:55.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "importify",
"product": "Importify (Dropshipping WooCommerce)",
"vendor": "Importify",
"versions": [
{
"changes": [
{
"at": "1.0.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsertion of Sensitive Information Into Debugging Code vulnerability in Importify Importify (Dropshipping WooCommerce) allows Retrieve Embedded Sensitive Data.\u003c/p\u003e\u003cp\u003eThis issue affects Importify (Dropshipping WooCommerce): from n/a through 1.0.4.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Debugging Code vulnerability in Importify Importify (Dropshipping WooCommerce) allows Retrieve Embedded Sensitive Data.This issue affects Importify (Dropshipping WooCommerce): from n/a through 1.0.4."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-215",
"description": "CWE-215 Insertion of Sensitive Information Into Debugging Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T11:30:17.608Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/importify/vulnerability/wordpress-importify-dropshipping-woocommerce-plugin-1-0-4-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No patched version is available."
}
],
"value": "No patched version is available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Importify (Dropshipping WooCommerce) plugin \u003c= 1.0.4 - Sensitive Data Exposure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-49194",
"datePublished": "2024-12-09T11:30:17.608Z",
"dateReserved": "2023-11-22T23:36:56.848Z",
"dateUpdated": "2024-12-09T16:38:55.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}