CVE-2023-7165 – JetBackup < 2.0.9.9 - Directory Listing Exposing Backups
https://notcve.org/view.php?id=CVE-2023-7165
The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files. El complemento JetBackup de WordPress anterior a 2.0.9.9 no utiliza archivos de índice para evitar la lista pública de directorios confidenciales en ciertas configuraciones, lo que permite a actores malintencionados filtrar archivos de respaldo. The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.9.7 via directory listing. This makes it possible for unauthenticated attackers to obtain backups of the database as well as other sensitive data. • https://wpscan.com/vulnerability/ad1ef4c5-60c1-4729-81dd-f626aa0ce3fe • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •