Vulnerabilities > CVE-2024-10285 - Unspecified vulnerability in Ce21 Suite

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ce21

NVD

Published: 2024-11-09

Updated: 2025-01-29

Summary

The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.

Vulnerable Configurations

Part	Description	Count
Application	Ce21 Ce21 Ce21 Suite - Ce21 Ce21 Suite 2.1.1 Ce21 Ce21 Suite 2.1.2 Ce21 Ce21 Suite 2.1.3 Ce21 Ce21 Suite 2.1.4 Ce21 Ce21 Suite 2.1.5 Ce21 Ce21 Suite 2.1.6 Ce21 Ce21 Suite 2.1.7 Ce21 Ce21 Suite 2.1.8 Ce21 Ce21 Suite 2.1.9 Ce21 Ce21 Suite 2.2.0	11

References

https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L237
https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L281
https://www.wordfence.com/threat-intel/vulnerabilities/id/618a9ad7-3a13-43e6-84f4-35287f07e1c0?source=cve