Описание
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.106 (исключая)
cpe:2.3:a:wpvivid:migration\,_backup\,_staging:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 31%
0.00118
Низкий
7.5 High
CVSS3
Дефекты
CWE-338
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.
EPSS
Процентиль: 31%
0.00118
Низкий
7.5 High
CVSS3
Дефекты
CWE-338