WordPress Plugin Vulnerabilities

Media File Renamer < 5.7.0 - Sensitive Information Exposure via Log File

Description

The Media File Renamer: Rename Files (Manual, Auto & AI) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.9 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including file upload events and paths.

Affects Plugins

Plugin icon
media-file-renamer
Fixed in 5.7.0

References

CVE
CVE-2023-44991
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/71e55161-f5ad-44e5-8a61-ce48c05e6dba

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Joshua Chan
Verified
No
WPVDB ID
0831b9f1-2fc3-4694-9742-7520fd4ac09b

Timeline

Publicly Published
2023-11-28 (about 2 years ago)
Added
2023-12-07 (about 2 years ago)
Last Updated
2023-12-07 (about 2 years ago)

Other

Published
Title
Published
2025-09-26
Title
FoodBook <= 4.7.1 - Unauthenticated Sensitive Information Exposure
Published
2023-11-30
Title
JetBackup < 2.0.9.9 - Directory Listing Exposing Backups
Published
2023-11-28
Title
WP Retina 2x < 6.4.6 - Sensitive Information Exposure
Published
2025-01-30
Title
Order Export for WooCommerce < 3.25 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
Published
2025-03-28
Title
DAP to Autoresponders Email Syncing <= 1.0 - Unauthenticated Information Exposure