Lucene search

[email protected]NVD:CVE-2023-6113

HistoryJan 01, 2024 - 3:15 p.m.

CVE-2023-6113

2024-01-0115:15:43

[email protected]

web.nvd.nist.gov

cve-2023-6113

wordpress

backup

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

42.6%

JSON

The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later.

Affected configurations

Nvd

Node

wp-stagingwp_stagingRange<3.1.3wordpress

VendorProductVersionCPE
wp-stagingwp_staging*cpe:2.3:a:wp-staging:wp_staging:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wp-staging	wp_staging	*	cpe:2.3:a:wp-staging:wp_staging::::::wordpress::*

References

research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/

wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

42.6%

JSON

Related for NVD:CVE-2023-6113

cve1 prion1 wpvulndb1 cvelist1 wpexploit1