CVE-2023-6271

The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://research.cleantalk.org/cve-2023-6271-backup-migration-unauth-sensitive-data-exposure-to-full-control-of-the-site-poc-exploit	Exploit Third Party Advisory
https://wpscan.com/vulnerability/7ac217db-f332-404b-a265-6dc86fe747b9	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:backupbliss:backup_migration:*:*:*:*:*:wordpress:*:*

History

08 Jan 2024, 17:31

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:backupbliss:backup_migration::::::wordpress::*
First Time		Backupbliss backup Migration Backupbliss
CWE		NVD-CWE-noinfo
References	~~() https://wpscan.com/vulnerability/7ac217db-f332-404b-a265-6dc86fe747b9 -~~	() https://wpscan.com/vulnerability/7ac217db-f332-404b-a265-6dc86fe747b9 - Exploit, Third Party Advisory
References	~~() https://research.cleantalk.org/cve-2023-6271-backup-migration-unauth-sensitive-data-exposure-to-full-control-of-the-site-poc-exploit -~~	() https://research.cleantalk.org/cve-2023-6271-backup-migration-unauth-sensitive-data-exposure-to-full-control-of-the-site-poc-exploit - Exploit, Third Party Advisory

01 Jan 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-01 15:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-6271

Mitre link : CVE-2023-6271

CVE.ORG link : CVE-2023-6271

JSON object : View

Products Affected

backupbliss

backup_migration

CWE

NVD-CWE-noinfo

7.5 /10