CVE-2024-13818
Published: 21 February 2025
Summary
CVE-2024-13818 is a medium-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Genetechsolutions Pie Register. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 23.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-22 (Publicly Accessible Content) and AU-9 (Protection of Audit Information).
Deeper analysis
CVE-2024-13818 is a sensitive information exposure vulnerability (CWE-532) affecting the Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress, in all versions up to and including 3.8.4. The issue stems from publicly exposed log files that contain potentially sensitive user information. It carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating medium severity with low confidentiality impact and no impact on integrity or availability.
Unauthenticated attackers can exploit this vulnerability remotely with low complexity, as the log files are publicly accessible without requiring privileges or user interaction. Successful exploitation allows attackers to view sensitive user data stored in these logs, potentially including registration details, profiles, or login-related information, enabling reconnaissance or further targeted attacks.
References include the plugin's source code at line 68 in base_variables.php, a changeset detailing the fix between revisions 3246810 and 3255985 in the pie-register trunk, and a Wordfence threat intelligence advisory, which collectively indicate that updating the plugin addresses the exposure of log files. Security practitioners should verify installations of this plugin and apply updates promptly.
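The exposure described above comes from log files sitting inside the web root where the web server serves them directly. The following is an added example (not code from the page, the plugin, or Wordfence) of a server-side check and remediation an administrator could run: it lists `*.log` files under a WordPress document root whose directory has no Apache deny rule, and appends a `FilesMatch` deny rule beside each one. It assumes Apache 2.4 with `.htaccess` overrides enabled; the document root path and the `*.log` naming are assumptions, and the `.htaccess` check is a simple pattern match, not a full parse of Apache configuration.

```shell
#!/bin/sh
# Added example, not part of the advisory or the plugin.
# Assumes Apache 2.4 with AllowOverride enabled and log files named *.log.

# Print every *.log file under the given root whose directory lacks a deny rule.
# The grep is a heuristic: it only looks for the common Apache 2.4 / 2.2 deny directives.
find_unprotected_logs() {
  root="$1"
  find "$root" -type f -name '*.log' | while IFS= read -r logfile; do
    dir=$(dirname "$logfile")
    if [ -f "$dir/.htaccess" ] && grep -qiE 'Require all denied|Deny from all' "$dir/.htaccess"; then
      continue
    fi
    printf '%s\n' "$logfile"
  done
}

# Append (never overwrite) an .htaccess rule beside each unprotected log
# that denies direct HTTP access to *.log in that directory.
protect_logs() {
  root="$1"
  find_unprotected_logs "$root" | while IFS= read -r logfile; do
    dir=$(dirname "$logfile")
    cat >> "$dir/.htaccess" <<'EOF'
# Block direct web access to log files (Apache 2.4 syntax)
<FilesMatch "\.log$">
    Require all denied
</FilesMatch>
EOF
  done
}

# Exit status 0 when no unprotected log files remain under the root, 1 otherwise.
verify_protected() {
  [ -z "$(find_unprotected_logs "$1")" ]
}
```

Moving log output outside the document root entirely is the stronger fix; the deny rule above is a stop-gap for installations that cannot relocate the files yet.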
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4545
Vulnerability details
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.4 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct public exposure of sensitive logs in a WordPress plugin enables remote unauthenticated exploitation of a public-facing web application.
Mitigating Controls (NIST 800-53 r5)
Requires timely patching of the WordPress plugin vulnerability that exposes sensitive log files containing user information.
Mandates restricting public access to sensitive content like the exposed log files with user registration and profile data.
Protects audit information in log files from unauthorized access, directly mitigating the public exposure of sensitive user data.