CVE-2024-7315 – Migration, Backup, Staging – WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure

https://notcve.org/view.php?id=CVE-2024-7315

The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups. The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.105. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data by brute-forcing backup file names. • https://wpscan.com/vulnerability/456b728b-a451-4afb-895f-850ddc4fb589 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •