Refine your search

1 vulnerability found for by importify

CVE-2023-49194 (GCVE-0-2023-49194)
Vulnerability from cvelistv5
Published
2024-12-09 11:30
Modified
2026-04-29 09:51
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-215 - Insertion of Sensitive Information Into Debugging Code
Summary
Insertion of Sensitive Information Into Debugging Code vulnerability in importify Importify (Dropshipping WooCommerce) importify allows Retrieve Embedded Sensitive Data.This issue affects Importify (Dropshipping WooCommerce): from n/a through <= 1.0.4.
References
Impacted products
Vendor Product Version
importify Importify (Dropshipping WooCommerce) Version: 0   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:woocommerce:dropshipping:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dropshipping",
            "vendor": "woocommerce",
            "versions": [
              {
                "lessThanOrEqual": "1.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-49194",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-09T16:37:13.416378Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-09T16:38:55.495Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "importify",
          "product": "Importify (Dropshipping WooCommerce)",
          "vendor": "importify",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.0.5",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.0.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Mika | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-22T14:35:16.917Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information Into Debugging Code vulnerability in importify Importify (Dropshipping WooCommerce) importify allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects Importify (Dropshipping WooCommerce): from n/a through \u003c= 1.0.4.\u003c/p\u003e"
            }
          ],
          "value": "Insertion of Sensitive Information Into Debugging Code vulnerability in importify Importify (Dropshipping WooCommerce) importify allows Retrieve Embedded Sensitive Data.This issue affects Importify (Dropshipping WooCommerce): from n/a through \u003c= 1.0.4."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-215",
              "description": "Insertion of Sensitive Information Into Debugging Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-29T09:51:52.322Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Plugin/importify/vulnerability/wordpress-importify-dropshipping-woocommerce-plugin-1-0-4-sensitive-data-exposure-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Importify (Dropshipping WooCommerce) plugin \u003c= 1.0.4 - Sensitive Data Exposure vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-49194",
    "datePublished": "2024-12-09T11:30:17.608Z",
    "dateReserved": "2023-11-22T23:36:56.848Z",
    "dateUpdated": "2026-04-29T09:51:52.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}