CVE-2024-49235

{"id": "CVE-2024-49235", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-10-17T18:15:10.107", "references": [{"url": "https://patchstack.com/database/vulnerability/live-support-tickets/wordpress-contact-forms-live-support-crm-video-messages-plugin-1-10-2-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-201"}]}], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2."}, {"lang": "es", "value": "La vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages permite recuperar datos confidenciales integrados. Este problema afecta a los formularios de contacto, soporte en vivo, CRM y mensajes de video: desde n/a hasta 1.10.2."}], "lastModified": "2024-10-18T12:52:33.507", "sourceIdentifier": "audit@patchstack.com"}