CVE-2023-6113

{"id": "CVE-2023-6113", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-01-01T15:15:43.243", "references": [{"url": "https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later."}, {"lang": "es", "value": "WP STAGING WordPress Backup Plugin anterior a 3.1.3 y WP STAGING Pro WordPress Backup Plugin anterior a 5.1.3 no impiden que los visitantes filtren informaci\u00f3n clave sobre los procesos de copia de seguridad en curso, lo que permite a atacantes no autenticados descargar dichas copias de seguridad m\u00e1s tarde."}], "lastModified": "2024-11-21T08:43:09.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wp-staging:wp_staging:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6249078F-54BE-4941-9345-AD52EBC82EEC", "versionEndExcluding": "3.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}