Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for HitPay Payment Gateway for WooCommerce by HitPay Payment Solutions Pte Ltd
CVE-2024-38747 (GCVE-0-2024-38747)
Vulnerability from nvd – Published: 2024-08-13 10:20 – Updated: 2026-04-28 16:10
VLAI?
Title
WordPress HitPay Payment Gateway for WooCommerce plugin <= 4.1.3 - Sensitive Data Exposure via Log File vulnerability
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3.
Severity ?
7.5 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HitPay Payment Solutions Pte Ltd | HitPay Payment Gateway for WooCommerce |
Affected:
n/a , ≤ 4.1.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitpay:payment_gateway_for_woocommerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "payment_gateway_for_woocommerce",
"vendor": "hitpay",
"versions": [
{
"lessThanOrEqual": "4.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:21:19.888002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:27:31.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "hitpay-payment-gateway",
"product": "HitPay Payment Gateway for WooCommerce",
"vendor": "HitPay Payment Solutions Pte Ltd",
"versions": [
{
"changes": [
{
"at": "4.1.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.1.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:06.207Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/hitpay-payment-gateway/wordpress-hitpay-payment-gateway-for-woocommerce-plugin-4-1-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.1.4 or a higher version."
}
],
"value": "Update to 4.1.4 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress HitPay Payment Gateway for WooCommerce plugin \u003c= 4.1.3 - Sensitive Data Exposure via Log File vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-38747",
"datePublished": "2024-08-13T10:20:14.837Z",
"dateReserved": "2024-06-19T11:16:57.418Z",
"dateUpdated": "2026-04-28T16:10:06.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38747 (GCVE-0-2024-38747)
Vulnerability from cvelistv5 – Published: 2024-08-13 10:20 – Updated: 2026-04-28 16:10
VLAI?
Title
WordPress HitPay Payment Gateway for WooCommerce plugin <= 4.1.3 - Sensitive Data Exposure via Log File vulnerability
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3.
Severity ?
7.5 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HitPay Payment Solutions Pte Ltd | HitPay Payment Gateway for WooCommerce |
Affected:
n/a , ≤ 4.1.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitpay:payment_gateway_for_woocommerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "payment_gateway_for_woocommerce",
"vendor": "hitpay",
"versions": [
{
"lessThanOrEqual": "4.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:21:19.888002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:27:31.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "hitpay-payment-gateway",
"product": "HitPay Payment Gateway for WooCommerce",
"vendor": "HitPay Payment Solutions Pte Ltd",
"versions": [
{
"changes": [
{
"at": "4.1.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.1.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:06.207Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/hitpay-payment-gateway/wordpress-hitpay-payment-gateway-for-woocommerce-plugin-4-1-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.1.4 or a higher version."
}
],
"value": "Update to 4.1.4 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress HitPay Payment Gateway for WooCommerce plugin \u003c= 4.1.3 - Sensitive Data Exposure via Log File vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-38747",
"datePublished": "2024-08-13T10:20:14.837Z",
"dateReserved": "2024-06-19T11:16:57.418Z",
"dateUpdated": "2026-04-28T16:10:06.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}