Описание
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window of the backup process.
Ссылки
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.12.3.1 (исключая)
cpe:2.3:a:revmakx:infinitewp_client:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 75%
0.00913
Низкий
5.9 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.9
github
почти 2 года назад
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window of the backup process.
EPSS
Процентиль: 75%
0.00913
Низкий
5.9 Medium
CVSS3
Дефекты
NVD-CWE-noinfo