Description

WordPress Plugin Backup Migration is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Backup Migration version 1.2.8 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.2.9 or latest

References

https://www.exploit-db.com/exploits/51445

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/backup-backup/backup-migration-128-sensitive-information-exposure

https://plugins.svn.wordpress.org/backup-backup/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin WordPress Users 'uid' Parameter SQL Injection (1.3)

Lighttpd Out-of-bounds Write Vulnerability (CVE-2022-22707)

MyBB CVE-2015-2786 Vulnerability (CVE-2015-2786)

WebLogic CVE-2022-21616 Vulnerability (CVE-2022-21616)

WordPress Plugin Google Maps by BestWebSoft Cross-Site Scripting (1.3.5)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure