CVE-2023-6113

WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download

CVSS 7.5 HIGHEPSS 0.8%

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.5EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

01 ene 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

Unknown · WP STAGING Pro WordPress Backup Plugin Unknown · WP STAGING WordPress Backup Plugin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb