CVE-2024-37270: 
WordPress vulnerability analysis and mitigation

The TrustedLogin Vendor plugin for WordPress contains a Sensitive Information Exposure vulnerability (CVE-2024-37270) affecting all versions prior to 1.1.1. The vulnerability was discovered by Dhabaleshwar Das and publicly disclosed on June 27, 2024. This security issue allows unauthenticated attackers to extract sensitive user or configuration data from the system (WPScan, Patchstack).

The vulnerability is classified as CWE-532 (Insertion of Sensitive Information into Log File). It has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in low-level confidentiality impact (Patchstack).

The vulnerability allows unauthenticated attackers to access and extract sensitive user or configuration data that would normally be restricted. This information exposure could potentially be used by malicious actors to further exploit the system or gain unauthorized access to protected resources (WPScan).

Users are advised to update to TrustedLogin Vendor version 1.1.1 or later, which contains a fix for this vulnerability (Patchstack).