{"api_version":"1","generated_at":"2026-04-23T11:34:40+00:00","cve":"CVE-2024-4213","urls":{"html":"https://cve.report/CVE-2024-4213","api":"https://cve.report/api/cve/CVE-2024-4213.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-4213","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-4213"},"summary":{"title":"Shopping Cart & eCommerce Store <= 5.6.4 - Sensitive Information Exposure","description":"The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as payment details, addresses and other PII.","state":"PUBLISHED","assigner":"Wordfence","published_at":"2024-05-14 15:43:06","updated_at":"2026-04-08 18:21:42"},"problem_types":["CWE-922","CWE-922 CWE-922 Insecure Storage of Sensitive Information"],"metrics":[{"version":"3.1","source":"security@wordfence.com","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3084202/wp-easycart/trunk/admin/inc/wp_easycart_admin.php?old=3068711&old_path=wp-easycart%2Ftrunk%2Fadmin%2Finc%2Fwp_easycart_admin.php","name":"https://plugins.trac.wordpress.org/changeset/3084202/wp-easycart/trunk/admin/inc/wp_easycart_admin.php?old=3068711&old_path=wp-easycart%2Ftrunk%2Fadmin%2Finc%2Fwp_easycart_admin.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/93daab72-1243-4a05-91d3-9254a1aac727?source=cve","name":"https://www.wordfence.com/threat-intel/vulnerabilities/id/93daab72-1243-4a05-91d3-9254a1aac727?source=cve","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-4213","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4213","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"levelfourstorefront","product":"Shopping Cart & eCommerce Store","version":"affected 5.6.4 semver","platforms":[]},{"source":"ADP","vendor":"levelfourstorefront","product":"shopping_cart_\\&_ecommerce_store","version":"affected 5.6.4 semver","platforms":[]}],"timeline":[{"source":"CNA","time":"2024-05-10T09:18:19.000Z","lang":"en","value":"Disclosed"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"rajesh patil","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"affected":[{"cpes":["cpe:2.3:a:levelfourstorefront:shopping_cart_\\&_ecommerce_store:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"shopping_cart_\\&_ecommerce_store","vendor":"levelfourstorefront","versions":[{"lessThanOrEqual":"5.6.4","status":"affected","version":"0","versionType":"semver"}]}],"metrics":[{"other":{"content":{"id":"CVE-2024-4213","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-05-15T18:26:12.422188Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-06-06T19:47:43.897Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2024-08-01T20:33:52.895Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/93daab72-1243-4a05-91d3-9254a1aac727?source=cve"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/changeset/3084202/wp-easycart/trunk/admin/inc/wp_easycart_admin.php?old=3068711&old_path=wp-easycart%2Ftrunk%2Fadmin%2Finc%2Fwp_easycart_admin.php"}],"title":"CVE Program Container"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Shopping Cart & eCommerce Store","vendor":"levelfourstorefront","versions":[{"lessThanOrEqual":"5.6.4","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"rajesh patil"}],"descriptions":[{"lang":"en","value":"The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as payment details, addresses and other PII."}],"metrics":[{"cvssV3_1":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-922","description":"CWE-922 Insecure Storage of Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-08T17:09:45.766Z","orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence"},"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/93daab72-1243-4a05-91d3-9254a1aac727?source=cve"},{"url":"https://plugins.trac.wordpress.org/changeset/3084202/wp-easycart/trunk/admin/inc/wp_easycart_admin.php?old=3068711&old_path=wp-easycart%2Ftrunk%2Fadmin%2Finc%2Fwp_easycart_admin.php"}],"timeline":[{"lang":"en","time":"2024-05-10T09:18:19.000Z","value":"Disclosed"}],"title":"Shopping Cart & eCommerce Store <= 5.6.4 - Sensitive Information Exposure"}},"cveMetadata":{"assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","assignerShortName":"Wordfence","cveId":"CVE-2024-4213","datePublished":"2024-05-10T21:32:41.868Z","dateReserved":"2024-04-25T18:49:12.554Z","dateUpdated":"2026-04-08T17:09:45.766Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-05-14 15:43:06","lastModifiedDate":"2026-04-08 18:21:42","problem_types":["CWE-922","CWE-922 CWE-922 Insecure Storage of Sensitive Information"],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"4213","Ordinal":"1","Title":"Shopping Cart & eCommerce Store <= 5.6.4 - Sensitive Information","CVE":"CVE-2024-4213","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"4213","Ordinal":"1","NoteData":"The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as payment details, addresses and other PII.","Type":"Description","Title":"Shopping Cart & eCommerce Store <= 5.6.4 - Sensitive Information"}]}}}