{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-13925","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2025-03-13T12:27:53.584Z","datePublished":"2025-04-17T06:00:09.407Z","dateUpdated":"2025-08-27T12:00:56.658Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2025-08-27T12:00:56.658Z"},"title":"Klarna Checkout for WooCommerce < 2.13.5 - DoS via Excessive Logging","problemTypes":[{"descriptions":[{"description":"CWE-779 Logging of Excessive Data","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Klarna Checkout for WooCommerce","versions":[{"status":"affected","versionType":"semver","version":"0","lessThan":"2.13.5"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumption of disk space, potentially filling the entire disk."}],"references":[{"url":"https://wpscan.com/vulnerability/6aebb52f-d74a-4043-86c4-c24579f24ef4/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-18T13:53:32.409917Z","id":"CVE-2024-13925","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-18T13:54:51.011Z"}}]}}