CVE-2024-31247 MEDIUM

CVE-2024-31247: WordPress FG Drupal to WordPress plugin <= 3.70.3 - Sensitive Data Exposure via Log File vulnerability

Vendor Frédéric Gilles
Product FG Drupal to WordPress
Weakness CWE-532 · Sensitive info in logs
Published April 10, 2024
Last update April 28, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress.This issue affects FG Drupal to WordPress: from n/a through 3.70.3.

Explanation of Vulnerability in Simple Terms

02Summary

The FG Drupal to WordPress plugin through version 3.70.3 exposes sensitive information in logs or error messages. An unauthenticated attacker on the network can read this exposed data without user interaction. Site administrators should update the plugin to a version newer than 3.70.3 to prevent information disclosure.

What an attacker can do

03Attacker Capabilities

Read sensitive information exposed in plugin logs or error messages without authentication.

Potential impact on your site

04Site Impact

Sensitive data may be exposed to unauthenticated visitors, potentially revealing configuration or operational details.

Conditions required to exploit

05Prerequisites

Network access to the site; no authentication or user interaction required.

Key dates

06Disclosure timeline

April 10, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

08Related CVE