CVE-2023-7164 – BackWPup < 4.0.4 - Unauthenticated Backup Download

https://notcve.org/view.php?id=CVE-2023-7164

The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database. El complemento BackWPup de WordPress anterior a 4.0.4 no impide que los visitantes filtren información clave sobre las copias de seguridad en curso, lo que permite a atacantes no autenticados descargar copias de seguridad de la base de datos de un sitio. The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database. The BackWPup – WordPress Backup Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.3. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://wpscan.com/vulnerability/79b07f37-2c6b-4846-bb28-91a1e5bf112e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •