CVE-2023-7165

2024-02-2709:15:37

[email protected]

web.nvd.nist.gov

2809

cve-2023-7165

jetbackup

wordpress

plugin

directory listing

sensitive directories

backup files

security vulnerability

9.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The JetBackup WordPress plugin before 2.0.9.9 doesn’t use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.

Affected configurations

Vulners

Node

jetbackupjetbackupRange<2.0.9.9

VendorProductVersionCPE
jetbackupjetbackup*cpe:2.3:a:jetbackup:jetbackup:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jetbackup	jetbackup	*	cpe:2.3:a:jetbackup:jetbackup::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "JetBackup",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.0.9.9"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]