Source: wpvulndb
Author: Dmitrii Ignatyev
WPVDB-ID: 323FEF8A-AA17-4698-9A02-C12D1D390763
History: Mar 05, 2024 - 12:00 a.m.

Backup and Restore WordPress < 1.50 - Unauthenticated Sensitive Data Exposure

Published: 2024-03-05 00:00:00
Author: Dmitrii Ignatyev
Source: wpscan.com
Tags: wordpress, backup, restore, unauthenticated, sensitive data

AI Score: 6
Confidence: High
EPSS: 0
Percentile: 9.0%

Description

The plugin does not protect some of its log files, which contain sensitive information such as the site configuration, allowing unauthenticated users to access such data.

PoC

  1. There is a lot of sensitive data and, most importantly, you can download these logs to your machine and read them. These files may also contain a full link to the backup folders if the backup is successful.

     https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/debug_usage.log
     https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/backup_status.log
     https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/backup_response.log
     https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/debug_DATABASE_Upgrade.log
     https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/debug_PLUGIN_Upgrade.log
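For a site owner, the practical question after an advisory like this is whether anyone has already pulled these log files. The detector below is an added example written for this page, not code from the advisory or from the plugin; it reads Apache combined-format access log lines, flags every request for a *.log file under the plugin's logs directory (the path pattern is taken from the PoC URLs above), and distinguishes requests the server actually served (2xx, i.e. the exposure was live) from ones it blocked (403/404). The sample log lines are constructed for the example; the client addresses, timestamps and sizes are made up.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines in Apache "combined" log format. They are not from the
# advisory; they only exercise the detector offline. The request paths follow the
# plugin log locations listed in the PoC.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [05/Mar/2024:10:12:01 +0000] "GET /wordpress/wp-content/plugins/wp-backitup/logs/backup_status.log HTTP/1.1" 200 8421 "-" "curl/8.4.0"
203.0.113.5 - - [05/Mar/2024:10:12:03 +0000] "GET /wordpress/wp-content/plugins/wp-backitup/logs/debug_usage.log HTTP/1.1" 200 15233 "-" "curl/8.4.0"
198.51.100.7 - - [05/Mar/2024:10:15:40 +0000] "GET /wordpress/wp-admin/admin.php?page=wp-backitup HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Mar/2024:10:20:11 +0000] "GET /wordpress/wp-content/plugins/wp-backitup/logs/backup_response.log HTTP/1.1" 403 199 "-" "python-requests/2.31"
192.0.2.44 - - [05/Mar/2024:10:21:00 +0000] "GET /wordpress/index.php HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
"""

# One Apache combined-format line: client, timestamp, request line, status, bytes.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Any *.log file directly under the wp-backitup logs directory (path from the PoC).
BACKITUP_LOG_PATH = re.compile(r'/wp-content/plugins/wp-backitup/logs/[^/]+\.log$')


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one access-log line into its named fields; None if it does not match."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def find_log_access(log_text: str) -> List[Dict[str, object]]:
    """Return every request for a wp-backitup log file, marking which ones succeeded.

    A 2xx status means the web server handed the file to the client, so the
    exposure is live. Other statuses (403/404) show the request was refused; they
    are kept so the defender still sees who probed for the files.
    """
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["target"].split("?", 1)[0]  # drop any query string before matching
        if not BACKITUP_LOG_PATH.search(path):
            continue
        status = int(rec["status"])
        hits.append({
            "ip": rec["ip"],
            "time": rec["ts"],
            "path": path,
            "status": status,
            "exposed": 200 <= status < 300,
        })
    return hits


def exposed_paths(log_text: str) -> List[str]:
    """Sorted, de-duplicated list of log files that were actually served."""
    return sorted({h["path"] for h in find_log_access(log_text) if h["exposed"]})


if __name__ == "__main__":
    for h in find_log_access(SAMPLE_ACCESS_LOG):
        verdict = "EXPOSED" if h["exposed"] else "blocked"
        print(f'{verdict:8} {h["status"]} {h["ip"]:15} {h["path"]}')
```

Run against the real access log with `find_log_access(open("access.log").read())`; any entry with `exposed` set means the contents of that log file (including any backup folder links it recorded) should be treated as disclosed. Upgrading to the fixed plugin version removes the exposure; a web-server rule denying direct requests to the plugin's logs directory is the usual defence-in-depth measure while the upgrade is scheduled.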
