Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Google for WooCommerce by woocommerce

    CVE-2024-10486 (GCVE-0-2024-10486)

    Vulnerability from nvd – Published: 2024-11-18 21:31 – Updated: 2026-04-08 16:57
    VLAI
    Title
    Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File
    Summary
    The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    woocommerce Google for WooCommerce Affected: 0 , ≤ 2.8.6 (semver)
    Create a notification for this product.
    automattic woocommerce Affected: 0 , ≤ 2.8.6 (semver)
        cpe:2.3:a:automattic:woocommerce:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Francesco Carlucci
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:automattic:woocommerce:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "woocommerce",
                "vendor": "automattic",
                "versions": [
                  {
                    "lessThanOrEqual": "2.8.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10486",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-19T15:21:10.404350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-19T15:22:14.000Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Google for WooCommerce",
              "vendor": "woocommerce",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Francesco Carlucci"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:57:37.812Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64bc7d47-6b63-4fd9-85d4-82126f86308a?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/google-listings-and-ads/tags/2.8.6/vendor/googleads/google-ads-php/scripts/print_php_information.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-11T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2024-11-18T09:24:48.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Google for WooCommerce \u003c= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-10486",
        "datePublished": "2024-11-18T21:31:09.032Z",
        "dateReserved": "2024-10-28T22:56:03.530Z",
        "dateUpdated": "2026-04-08T16:57:37.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-10486 (GCVE-0-2024-10486)

    Vulnerability from cvelistv5 – Published: 2024-11-18 21:31 – Updated: 2026-04-08 16:57
    VLAI
    Title
    Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File
    Summary
    The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    woocommerce Google for WooCommerce Affected: 0 , ≤ 2.8.6 (semver)
    Create a notification for this product.
    automattic woocommerce Affected: 0 , ≤ 2.8.6 (semver)
        cpe:2.3:a:automattic:woocommerce:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Francesco Carlucci
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:automattic:woocommerce:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "woocommerce",
                "vendor": "automattic",
                "versions": [
                  {
                    "lessThanOrEqual": "2.8.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10486",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-19T15:21:10.404350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-19T15:22:14.000Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Google for WooCommerce",
              "vendor": "woocommerce",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Francesco Carlucci"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:57:37.812Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64bc7d47-6b63-4fd9-85d4-82126f86308a?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/google-listings-and-ads/tags/2.8.6/vendor/googleads/google-ads-php/scripts/print_php_information.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-11T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2024-11-18T09:24:48.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Google for WooCommerce \u003c= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-10486",
        "datePublished": "2024-11-18T21:31:09.032Z",
        "dateReserved": "2024-10-28T22:56:03.530Z",
        "dateUpdated": "2026-04-08T16:57:37.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }