wpvulndb | Dmitrii Ignatyev | WPVDB-ID:FAD9EEFE-4552-4D20-A1FD-BB2E172EC8D7
Dec 18, 2023 - 12:00 a.m.

Clone < 2.4.3 - Unauthenticated Backup Download

wpscan.com

AI Score: 6.4 Medium (Confidence: Low)

EPSS: 0.001 Low (Percentile: 36.0%)

Description

The plugin uses buffer files to store in-progress backup information. These files are stored at a publicly accessible, statically defined file path.

PoC

While a backup job is running, visitors can access one of the following files (it might take a couple of tries, as the timing needs to be right):

“http://127.0.0.1/wordpress/wp-content/uploads/wp-clone/wpclone_backup/file.list”
“http://127.0.0.1/wordpress/wp-content/uploads/wp-clone/wpclone_backup/database.sql”
“http://127.0.0.1/wordpress/wp-content/uploads/wp-clone/wpclone_backup/prefix.txt”
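For defenders, one way to review web server access logs for requests to these buffer files. This is an added example, not part of the original advisory or the plugin's code; it assumes the Apache/nginx "combined" log format, and the function name and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Directory and file names taken from the advisory's PoC URLs.
BUFFER_DIR = "/wp-content/uploads/wp-clone/wpclone_backup/"
BUFFER_FILES = {"file.list", "database.sql", "prefix.txt"}

# Assumption: logs use the Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_buffer_hits(lines):
    """Return {client_ip: [(timestamp, file, status, bytes, leaked), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string and decode %xx so encoded paths still match.
        path = unquote(m["target"].split("?", 1)[0])
        idx = path.lower().find(BUFFER_DIR)  # site may live in a subdirectory
        name = path[idx + len(BUFFER_DIR):].lower() if idx != -1 else ""
        if name not in BUFFER_FILES:
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        # A 200/206 response with a body means backup data left the server.
        leaked = status in (200, 206) and size > 0
        hits[m["ip"]].append((m["ts"], name, status, size, leaked))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Dec/2023:10:01:02 +0000] "GET /wordpress/wp-content/uploads/wp-clone/wpclone_backup/database.sql HTTP/1.1" 404 196 "-" "curl/8.4.0"',
    '203.0.113.7 - - [18/Dec/2023:10:01:03 +0000] "GET /wordpress/wp-content/uploads/wp-clone/wpclone_backup/database.sql HTTP/1.1" 200 48211 "-" "curl/8.4.0"',
    '203.0.113.7 - - [18/Dec/2023:10:01:04 +0000] "GET /wordpress/wp-content/uploads/wp-clone/wpclone_backup/prefix.txt?x=1 HTTP/1.1" 200 4 "-" "curl/8.4.0"',
    '198.51.100.23 - - [18/Dec/2023:10:02:00 +0000] "GET /wordpress/wp-content/uploads/2023/12/photo.jpg HTTP/1.1" 200 1000 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [18/Dec/2023:10:03:00 +0000] "GET /wp-content/uploads/wp-clone/wpclone_backup/file%2Elist HTTP/1.1" 403 153 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in find_buffer_hits(SAMPLE_LOG).items():
        print(ip, events)
```

Repeated 404s followed by a 200 from the same client match the timing-dependent access the PoC describes; any entry with `leaked` set means backup data was served to that client.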

| CPE | Name | Operator | Version |
|-----|------|----------|---------|
|     |      | eq       | 2.4.3   |
