CVE-2024-3682: 
WordPress vulnerability analysis and mitigation

The WP STAGING and WP STAGING Pro plugins for WordPress contain a Sensitive Information Exposure vulnerability (CVE-2024-3682) affecting versions up to 3.4.3 (free version) and 5.4.3 (pro version). The vulnerability was discovered and disclosed on April 25, 2024. This security issue affects the ajaxSendReport function, potentially allowing unauthenticated attackers to access sensitive data from log files, including system information and license keys in the Pro version (NVD).

The vulnerability exists in the ajaxSendReport function and has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. Successful exploitation requires an administrator to have previously used the 'Contact Us' functionality with the option "Enable this option to automatically submit the log files" enabled (Wordfence).

If exploited, the vulnerability allows unauthorized access to sensitive information contained in log files. For the Pro version users, this includes exposure of license keys, while both versions can leak system information that could be valuable for attackers planning further exploits (NVD).

Users should update their installations to versions newer than 3.4.3 for WP STAGING free version and 5.4.3 for WP STAGING Pro. The vulnerability has been patched in subsequent releases (WP Staging Changelog, WP Staging Pro Changelog).