CVE-2024-13925

Summary

The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumption of disk space, potentially filling the entire disk.

Affected Software

VendorProductVersion RangeStatus
UnknownKlarna Checkout for WooCommerce0 < 2.13.5affected

Weaknesses

  • CWE-779 Logging of Excessive Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References