Search
Find a vulnerability
Search criteria
2 vulnerabilities found for FastDup by Unknown
CVE-2023-6592 (GCVE-0-2023-6592)
Vulnerability from nvd – Published: 2024-01-16 15:57 – Updated: 2025-06-20 17:21
VLAI
Title
FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure
Summary
The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/a39bb807-b143-48… | exploitvdb-entrytechnical-description |
| https://research.cleantalk.org/cve-2023-6592-fast… |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a39bb807-b143-4863-88ff-1783e407d7d4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.cleantalk.org/cve-2023-6592-fastdup-database-users-password-leak-poc-exploit/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-6592",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-16T21:05:42.552242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T17:21:57.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "FastDup",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T21:23:08.145Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/a39bb807-b143-4863-88ff-1783e407d7d4/"
},
{
"url": "https://research.cleantalk.org/cve-2023-6592-fastdup-database-users-password-leak-poc-exploit/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "FastDup \u2013 Fastest WordPress Migration \u0026 Duplicator \u003c 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-6592",
"datePublished": "2024-01-16T15:57:01.390Z",
"dateReserved": "2023-12-07T18:34:38.423Z",
"dateUpdated": "2025-06-20T17:21:57.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6592 (GCVE-0-2023-6592)
Vulnerability from cvelistv5 – Published: 2024-01-16 15:57 – Updated: 2025-06-20 17:21
VLAI
Title
FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure
Summary
The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/a39bb807-b143-48… | exploitvdb-entrytechnical-description |
| https://research.cleantalk.org/cve-2023-6592-fast… |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a39bb807-b143-4863-88ff-1783e407d7d4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.cleantalk.org/cve-2023-6592-fastdup-database-users-password-leak-poc-exploit/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-6592",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-16T21:05:42.552242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T17:21:57.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "FastDup",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T21:23:08.145Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/a39bb807-b143-4863-88ff-1783e407d7d4/"
},
{
"url": "https://research.cleantalk.org/cve-2023-6592-fastdup-database-users-password-leak-poc-exploit/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "FastDup \u2013 Fastest WordPress Migration \u0026 Duplicator \u003c 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-6592",
"datePublished": "2024-01-16T15:57:01.390Z",
"dateReserved": "2023-12-07T18:34:38.423Z",
"dateUpdated": "2025-06-20T17:21:57.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}