CVE-2023-6113
WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download
Public Exploits: 2
Exploited in Wild: -
Descriptions
The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backup processes, allowing unauthenticated attackers to download said backups later.
The WP STAGING WordPress Backup Plugin Free and Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in various versions via the jobCache_backup_job file. This makes it possible for unauthenticated attackers to extract sensitive data such as the key which enables them to download the backups later.
Timeline
- 2023-11-13 CVE Reserved
- 2023-12-06 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-09-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wp-staging | Wp Staging | < 3.1.3 | wordpress | Affected |