CVE-2023-6271
Backup Migration Staging < 1.3.6 - Sensitive Data Exposure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.
El complemento Backup Migration de WordPress anterior a 1.3.6 almacena información de las copias de seguridad en progreso en archivos fáciles de encontrar y de acceso público, lo que puede permitir a los atacantes monitorearlos para filtrar información confidencial de las copias de seguridad del sitio.
The Backup Migration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5. This makes it possible for unauthenticated attackers to extract database backups leading to the potential for a complete site takeover.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-11-23 CVE Reserved
- 2023-12-07 CVE Published
- 2024-01-09 EPSS Updated
- 2024-11-14 CVE Updated
- 2024-11-14 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Backupbliss Search vendor "Backupbliss" | Backup Migration Search vendor "Backupbliss" for product "Backup Migration" | < 1.3.6 Search vendor "Backupbliss" for product "Backup Migration" and version " < 1.3.6" | wordpress |
Affected
| ||||||