Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Backup and Restore WordPress by Unknown

    CVE-2023-7232 (GCVE-0-2023-7232)

    Vulnerability from nvd – Published: 2024-03-26 05:00 – Updated: 2024-08-02 17:32
    VLAI
    Title
    Backup and Restore WordPress <= 1.45 - Unauthenticated Sensitive Data Exposure
    Summary
    The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/323fef8a-aa17-46… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Backup and Restore WordPress Affected: 0 , ≤ 1.45 (semver)
    Create a notification for this product.
    wpbackitup wp_backitup Affected: 0 , ≤ 1.45 (custom)
        cpe:2.3:a:wpbackitup:wp_backitup:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dmitrii Ignatyev WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/323fef8a-aa17-4698-9a02-c12d1d390763/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wpbackitup:wp_backitup:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wp_backitup",
                "vendor": "wpbackitup",
                "versions": [
                  {
                    "lessThanOrEqual": "1.45",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7232",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T17:30:30.845935Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:32:05.721Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Backup and Restore WordPress ",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.45",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Backup and Restore WordPress  WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-26T05:00:02.063Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/323fef8a-aa17-4698-9a02-c12d1d390763/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Backup and Restore WordPress \u003c= 1.45 - Unauthenticated Sensitive Data Exposure",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-7232",
        "datePublished": "2024-03-26T05:00:02.063Z",
        "dateReserved": "2024-01-12T15:11:32.941Z",
        "dateUpdated": "2024-08-02T17:32:05.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-7232 (GCVE-0-2023-7232)

    Vulnerability from cvelistv5 – Published: 2024-03-26 05:00 – Updated: 2024-08-02 17:32
    VLAI
    Title
    Backup and Restore WordPress <= 1.45 - Unauthenticated Sensitive Data Exposure
    Summary
    The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/323fef8a-aa17-46… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Backup and Restore WordPress Affected: 0 , ≤ 1.45 (semver)
    Create a notification for this product.
    wpbackitup wp_backitup Affected: 0 , ≤ 1.45 (custom)
        cpe:2.3:a:wpbackitup:wp_backitup:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dmitrii Ignatyev WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/323fef8a-aa17-4698-9a02-c12d1d390763/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wpbackitup:wp_backitup:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wp_backitup",
                "vendor": "wpbackitup",
                "versions": [
                  {
                    "lessThanOrEqual": "1.45",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7232",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T17:30:30.845935Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:32:05.721Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Backup and Restore WordPress ",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.45",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Backup and Restore WordPress  WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-26T05:00:02.063Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/323fef8a-aa17-4698-9a02-c12d1d390763/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Backup and Restore WordPress \u003c= 1.45 - Unauthenticated Sensitive Data Exposure",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-7232",
        "datePublished": "2024-03-26T05:00:02.063Z",
        "dateReserved": "2024-01-12T15:11:32.941Z",
        "dateUpdated": "2024-08-02T17:32:05.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }