CVE-2024-3682 MEDIUM

CVE-2024-3682: WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File

Vendor Renehermi

Product WP STAGING – WordPress Backup, Restore & Migration

Weakness CWE-200 · Info exposure

Published April 26, 2024

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract sensitive data from a log file, including system information and (in the Pro version) license keys. Successful exploitation requires an administrator to have used the 'Contact Us' functionality along with the "Enable this option to automatically submit the log files." option.

Key dates

02Disclosure timeline

April 26, 2024 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-3682 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2024-3682

CWE CWE-200

CVSS 5.3 / MEDIUM

Affected versions

Vendor Renehermi

Product WP STAGING – WordPress Backup, Restore & Migration

Affected ≤ 3.4.3

Vendor Wpstaging

Product WP STAGING Pro WordPress Backup Plugin

Affected ≤ 5.4.3

CVE-2024-3682: WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File

01Description

02Disclosure timeline

03References

04Related CVE