CVE-2023-7164
BackWPup < 4.0.4 - Unauthenticated Backup Download
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database.
El complemento BackWPup de WordPress anterior a 4.0.4 no impide que los visitantes filtren información clave sobre las copias de seguridad en curso, lo que permite a atacantes no autenticados descargar copias de seguridad de la base de datos de un sitio.
The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database.
The BackWPup – WordPress Backup Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.3. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-12-18 CVE Published
- 2023-12-28 CVE Reserved
- 2024-04-09 EPSS Updated
- 2024-08-30 CVE Updated
- 2024-08-30 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/79b07f37-2c6b-4846-bb28-91a1e5bf112e | 2024-08-30 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|