Lucene search
WpvulndbWPVDB-ID:8A69BA6E-B3D1-47A2-B7E5-FBE199BFB3D0HistorySep 16, 2021 - 12:00 a.m.
BulletProof Security < 5.2 - Sensitive Information Disclosure
2021-09-1600:00:00
wpscan.com
12
plugin vulnerability
sensitive information
file path disclosure
publicly accessible
poc
software
EPSS
0.4
Percentile
97.3%
The plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files.
PoC
https://example.com/wp-content/bps-backup/logs/db_backup_log.txt https://example.com/wp-content/plugins/bulletproof-security/admin/htaccess/db_backup_log.txt
Related
cve
cve
CVE-2021-39327
2021-09-17 11:15:08
prion
prion
Design/Logic Flaw
2021-09-17 11:15:00
packetstorm
packetstorm
Wordpress BulletProof Security Backup Disclosure
2024-09-01 00:00:00
WordPress BulletProof Security 5.1 Information Disclosure
2021-10-06 00:00:00
exploitdb
exploitdb
Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure
2021-10-06 00:00:00
wpexploit
wpexploit
BulletProof Security < 5.2 - Sensitive Information Disclosure
2021-09-16 00:00:00
cvelist
cvelist
CVE-2021-39327 BulletProof Security <= 5.1 Sensitive Information Disclosure
2021-09-17 10:26:21
zdt
zdt
metasploit
metasploit
Wordpress BulletProof Security Backup Disclosure
2021-10-12 22:43:41
nuclei
nuclei
WordPress BulletProof Security 5.1 Information Disclosure
2021-10-08 13:31:41
patchstack
patchstack
nvd
nvd
CVE-2021-39327
2021-09-17 11:15:08
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-11-05 19:43:51