Description

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more.

Remediation

References

CVE-2023-6266

Related Vulnerabilities

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1183)

Apache HTTP Server Insertion of Sensitive Information into Log File Vulnerability (CVE-2001-1556)

WordPress Plugin YITH WooCommerce Added to Cart Popup Security Bypass (1.3.11)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20100)

WordPress Plugin Share Possible Remote Code Execution (1.0)

Severity

High

Classification

CVE-2023-6266 CWE-552 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities