Cyber Resilience

CVE-2024-13818

Severity: Medium
Published: 21 February 2025
Modified: 08 April 2026
CVSS v3.1 score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS score: 0.0008 (23.2nd percentile)
Risk priority: 11 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-13818 is a medium-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Genetechsolutions Pie Register. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks this CVE at the 23.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-22 (Publicly Accessible Content) and AU-9 (Protection of Audit Information).

Deeper analysis

CVE-2024-13818 is a sensitive information exposure vulnerability (CWE-532) affecting the Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress, in all versions up to and including 3.8.4. The issue stems from publicly exposed log files that contain potentially sensitive user information. It carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating medium severity with low confidentiality impact and no impact on integrity or availability.

Unauthenticated attackers can exploit this vulnerability remotely with low complexity, as the log files are publicly accessible without requiring privileges or user interaction. Successful exploitation allows attackers to view sensitive user data stored in these logs, potentially including registration details, profiles, or login-related information, enabling reconnaissance or further targeted attacks.

References include the plugin's source code at line 68 in base_variables.php, a changeset detailing the fix between revisions 3246810 and 3255985 in the pie-register trunk, and a Wordfence threat intelligence advisory, which collectively indicate that updating the plugin addresses the exposure of log files. Security practitioners should verify installations of this plugin and apply updates promptly.
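As an added, defender-side example (not code from the advisory or the plugin), the following Python script shows the two checks a practitioner would run on a WordPress host: read the installed plugin's Version header and compare it numerically against the last affected release (3.8.4), then list any .log files sitting inside the web-served tree. The sample header text, the directory layout and the .log extension are constructed assumptions; the advisory does not name where the plugin writes its logs.

```python
import os
import re
import tempfile

# Advisory: every release up to and including 3.8.4 is affected.
LAST_VULNERABLE = "3.8.4"
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)

def parse_version(text):
    """Split '3.8.3.9' into (3, 8, 3, 9) so the comparison is numeric;
    a plain string compare would wrongly rank '3.10.0' below '3.8.4'."""
    return tuple(int(part) for part in text.strip().split("."))

def is_vulnerable(version):
    """True when the installed version is at or below LAST_VULNERABLE."""
    return parse_version(version) <= parse_version(LAST_VULNERABLE)

def version_from_header(php_source):
    """Read the 'Version:' field of a WordPress plugin header comment."""
    match = HEADER_RE.search(php_source)
    return match.group(1) if match else None

def find_log_files(webroot):
    """List *.log files below a web-served directory, relative to webroot.
    Anything listed is fetchable by anyone unless the web server denies it."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name.lower().endswith(".log"):
                hits.append(os.path.relpath(os.path.join(dirpath, name), webroot))
    return sorted(hits)

# Constructed plugin header (assumption: standard WordPress header layout).
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: Pie Register\n * Version: 3.8.3.9\n */\n"

def demo():
    """Run both checks on constructed data; returns (version, vulnerable, logs)."""
    version = version_from_header(SAMPLE_HEADER)
    with tempfile.TemporaryDirectory() as root:
        # Assumed path; the advisory does not say where the plugin writes logs.
        log_dir = os.path.join(root, "wp-content", "uploads", "pie-register")
        os.makedirs(log_dir)
        open(os.path.join(log_dir, "debug.log"), "w").close()
        logs = find_log_files(root)
    return version, is_vulnerable(version), logs

if __name__ == "__main__":
    print(demo())
```

Point find_log_files at the real document root to see which log files the web server could serve; a non-empty result means the server configuration, not just the plugin update, needs attention.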

Vulnerability details

The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.4 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct public exposure of sensitive logs in a WordPress plugin enables remote unauthenticated exploitation of a public-facing web application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-48852 (shared CWE-532)
CVE-2025-66236 (shared CWE-532)
CVE-2026-25813 (shared CWE-532)
CVE-2026-22778 (shared CWE-532)
CVE-2026-32982 (shared CWE-532)
CVE-2025-11008 (shared CWE-532)
CVE-2026-22782 (shared CWE-532)
CVE-2025-24556 (shared CWE-532)
CVE-2026-24308 (shared CWE-532)
CVE-2026-44052 (shared CWE-532)

Affected Assets

Vendor: genetechsolutions
Product: pie register
Versions: ≤ 3.8.3.9

Mitigating Controls (NIST 800-53 r5, AI)

prevent: Requires timely patching of the WordPress plugin vulnerability that exposes sensitive log files containing user information.

prevent (AC-22, Publicly Accessible Content): Mandates restricting public access to sensitive content such as the exposed log files holding user registration and profile data.

prevent (AU-9, Protection of Audit Information): Protects audit information in log files from unauthorized access, directly mitigating the public exposure of sensitive user data.
