CVE-2024-12265
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-12265 is a vulnerability affecting the Web3 Crypto Payments by DePay plugin for WordPress. Versions up to and including 2.12.17 are impacted. The issue lies in the missing capability check on the /wp-json/depay/wc/debug REST API endpoint. This oversight allows unauthenticated attackers to gain unauthorized access to debug information. The potential consequences of this vulnerability include exposure of sensitive data, leading to potential privacy breaches and other malicious activities. Users are strongly advised to update to the latest version of the plugin to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.