CVE-2023-7232
Backup and Restore WordPress <= 1.45 - Unauthenticated Sensitive Data Exposure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data
El complemento Backup and Restore WordPress de WordPress hasta la versión 1.45 no protege algunos archivos de registro que contienen información confidencial, como la configuración del sitio, etc., lo que permite a usuarios no autenticados acceder a dichos datos.
The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.45 via log files. This makes it possible for unauthenticated attackers to extract potentially sensitive information via log files.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-01-12 CVE Reserved
- 2024-03-05 CVE Published
- 2024-03-26 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/323fef8a-aa17-4698-9a02-c12d1d390763 | 2024-08-02 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Unknown Search vendor "Unknown" | Backup And Restore WordPress Search vendor "Unknown" for product "Backup And Restore WordPress" | <= 1.45 Search vendor "Unknown" for product "Backup And Restore WordPress" and version " <= 1.45" | en |
Affected
|