Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:C987A54E-EB98-4942-AB67-5E0283B0F4DE
HistoryDec 01, 2023 - 12:00 a.m.

Backup Migration < 1.3.7 - Unauthenticated Arbitrary File Download to Sensitive Information Exposure

2023-12-0100:00:00
wpscan.com
5
wordpress
backup migration
unauthenticated access
file validation
sensitive information exposure
data breach

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.5%

JSON

Description The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more.

CPENameOperatorVersion
eq1.3.7

Related

cvelist 1
nvd 1
prion 1
cve 1
wordfence 1
cvelist
cvelist
CVE-2023-6266
2024-01-11 08:32:27
nvd
nvd
CVE-2023-6266
2024-01-11 09:15:48
prion
prion
Path traversal
2024-01-11 09:15:00
cve
cve
CVE-2023-6266
2024-01-11 09:15:48
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27, 2023 to December 3, 2023)
2023-12-07 14:11:22

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.5%

JSON
Related for WPVDB-ID:C987A54E-EB98-4942-AB67-5E0283B0F4DE
cvelist1nvd1prion1cve1wordfence1