CVE-2024-32825
Published: 24 April 2024
Summary
CVE-2024-32825 is a high-severity Insertion of Sensitive Information Into Sent Data (CWE-201) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 3.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability CVE-2024-32825 is an instance of CWE-201 (Insertion of Sensitive Information Into Sent Data) affecting the Simply Static WordPress plugin. It impacts all versions through 3.1.3 and manifests as sensitive data exposure through log files, carrying a CVSS 3.1 score of 7.5.
Unauthenticated remote attackers can exploit the flaw over the network with low attack complexity to obtain confidential information stored or transmitted by the plugin. No user interaction or privileges are required, enabling direct disclosure of sensitive data that would otherwise remain protected.
Patchstack advisories published for this issue identify the root cause in the plugin’s logging behavior and recommend upgrading beyond version 3.1.3 once a fixed release is available. The associated EPSS score has reached a peak of 0.3280 with a current value of 0.2990, indicating sustained moderate exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-30611
Vulnerability details
Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static.This issue affects Simply Static: from n/a through <= 3.1.3.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Embedding taints allows detection when sensitive data is inserted into outbound or sent data streams.