Cyber Resilience

CVE-2024-32825

High

Published: 24 April 2024

Published
24 April 2024
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.2990 96.8th percentile
Risk Priority 33 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-32825 is a high-severity Insertion of Sensitive Information Into Sent Data (CWE-201) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 3.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability CVE-2024-32825 is an instance of CWE-201 (Insertion of Sensitive Information Into Sent Data) affecting the Simply Static WordPress plugin. It impacts all versions through 3.1.3 and manifests as sensitive data exposure through log files, carrying a CVSS 3.1 score of 7.5.

Unauthenticated remote attackers can exploit the flaw over the network with low attack complexity to obtain confidential information stored or transmitted by the plugin. No user interaction or privileges are required, enabling direct disclosure of sensitive data that would otherwise remain protected.

Patchstack advisories published for this issue identify the root cause in the plugin’s logging behavior and recommend upgrading beyond version 3.1.3 once a fixed release is available. The associated EPSS score has reached a peak of 0.3280 with a current value of 0.2990, indicating sustained moderate exploitation interest following disclosure.

EU & UK References

Vulnerability details

Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static.This issue affects Simply Static: from n/a through <= 3.1.3.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-201

Embedding taints allows detection when sensitive data is inserted into outbound or sent data streams.

References