wpexploit | Dmitrii Ignatyev | WPEX-ID:323FEF8A-AA17-4698-9A02-C12D1D390763
History: Mar 05, 2024 - 12:00 a.m.

Backup and Restore WordPress < 1.50 - Unauthenticated Sensitive Data Exposure

Tags: wordpress, data exposure, unauthenticated access, backup folders, logs

AI Score: 6.3 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description: The plugin does not protect some log files containing sensitive information, such as site configuration, allowing unauthenticated users to access such data.

1) These logs contain a lot of sensitive data and, most importantly, they can be downloaded and read. The files may also contain a full link to the backup folders if the backup is successful.
"https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/debug_usage.log"
"https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/backup_status.log"
"https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/backup_response.log"
"https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/debug_DATABASE_Upgrade.log"
"https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/debug_PLUGIN_Upgrade.log"
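
For defenders, one way to find out whether these files have already been served to clients is to search the web server access logs for successful responses under the plugin's `logs/` directory. The following is an added example, not part of the original advisory; it assumes Apache/nginx combined-format access logs, and the function name and sample lines are constructed for illustration:

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Plugin log directory named in the advisory; any *.log file under it counts.
LOG_PATH = re.compile(r"/wp-content/plugins/wp-backitup/logs/[^/]+\.log$", re.I)

# Assumed input: Apache/nginx "combined" access log format.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_served_plugin_logs(lines):
    """Return {client_ip: [(time, path, bytes_sent), ...]} for plugin logs that were served."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        # Drop the query string and decode %xx so encoded paths still match.
        path = unquote(urlsplit(m["uri"]).path)
        # 200/206 mean file content was sent; 403/404 mean it was blocked or absent.
        if m["status"] in ("200", "206") and LOG_PATH.search(path):
            sent = 0 if m["size"] == "-" else int(m["size"])
            hits[m["ip"]].append((m["time"], path, sent))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [05/Mar/2024:10:01:02 +0000] "GET /wordpress/wp-content/plugins/wp-backitup/logs/debug_usage.log HTTP/1.1" 200 48211 "-" "curl/8.4.0"',
    '203.0.113.7 - - [05/Mar/2024:10:01:05 +0000] "GET /wordpress/wp-content/plugins/wp-backitup/logs/backup_status.log HTTP/1.1" 403 199 "-" "curl/8.4.0"',
    '198.51.100.9 - - [05/Mar/2024:10:02:00 +0000] "GET /wordpress/wp-content/plugins/wp-backitup/logs/backup%5Fresponse.log?x=1 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [05/Mar/2024:10:03:00 +0000] "GET /wordpress/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, served in find_served_plugin_logs(SAMPLE).items():
        for when, path, sent in served:
            print(f"{ip} fetched {path} ({sent} bytes) at {when}")
```

Any hit means a log file left the server, so the configuration details and backup folder links it contained should be treated as disclosed.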
