wpexploit | Dmitrii Ignatyev | WPEX-ID:FAD9EEFE-4552-4D20-A1FD-BB2E172EC8D7
History: Dec 18, 2023 - 12:00 a.m.

Clone < 2.4.3 - Unauthenticated Backup Download

Tags: unauthenticated access, backup files, cloning process, exploit

AI Score: 6.7 Medium (Confidence: Low)
EPSS: 0.001 Low (Percentile: 36.0%)

Description

The plugin uses buffer files to store in-progress backup information, and these files are kept at a publicly accessible, statically defined file path.

While a backup job is running, visitors can access one of the following files (it might take a couple of tries, as the timing needs to be right):
 
"http://127.0.0.1/wordpress/wp-content/uploads/wp-clone/wpclone_backup/file.list",
"http://127.0.0.1/wordpress/wp-content/uploads/wp-clone/wpclone_backup/database.sql",
"http://127.0.0.1/wordpress/wp-content/uploads/wp-clone/wpclone_backup/prefix.txt"
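
For site owners reviewing exposure, the following added example (not code from the advisory or the plugin) scans web server access logs for requests to the three buffer files listed above and separates probing from responses that actually returned content. It assumes the Apache/Nginx combined log format; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Buffer files named in the advisory, under the statically defined backup path.
BUFFER_RE = re.compile(
    r"/wp-content/uploads/wp-clone/wpclone_backup/"
    r"(file\.list|database\.sql|prefix\.txt)(?:\?|$)"
)
# Combined Log Format: ip ident user [time] "METHOD path proto" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def scan(lines):
    """Return {ip: {"attempts": n, "leaked": [(timestamp, file, bytes), ...]}}."""
    report = defaultdict(lambda: {"attempts": 0, "leaked": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        hit = BUFFER_RE.search(m["path"])
        if not hit:
            continue  # unrelated request
        entry = report[m["ip"]]
        entry["attempts"] += 1  # repeated tries match the timing-dependent access
        size = 0 if m["size"] == "-" else int(m["size"])
        # A 200/206 with a non-empty body means buffer content was served.
        if m["status"] in ("200", "206") and size > 0:
            entry["leaked"].append((m["ts"], hit.group(1), size))
    return dict(report)

# Constructed sample log lines (documentation IP ranges, not real traffic).
BASE = "/wordpress/wp-content/uploads/wp-clone/wpclone_backup/"
SAMPLE = [
    f'198.51.100.7 - - [18/Dec/2023:10:00:01 +0000] "GET {BASE}database.sql HTTP/1.1" 404 196 "-" "-"',
    f'198.51.100.7 - - [18/Dec/2023:10:00:02 +0000] "GET {BASE}database.sql HTTP/1.1" 200 482133 "-" "-"',
    '203.0.113.9 - - [18/Dec/2023:10:00:03 +0000] "GET /wordpress/wp-content/uploads/logo.png HTTP/1.1" 200 1024 "-" "-"',
    f'203.0.113.20 - - [18/Dec/2023:10:00:05 +0000] "GET {BASE}prefix.txt HTTP/1.1" 404 196 "-" "-"',
]

if __name__ == "__main__":
    for ip, info in scan(SAMPLE).items():
        state = "CONTENT SERVED" if info["leaked"] else "probe only"
        print(f"{ip}: {info['attempts']} attempt(s), {state} {info['leaked']}")
```

Any entry with a non-empty `leaked` list means backup data left the server while a job was running, so the database credentials and secrets in that backup should be treated as disclosed.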
