WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.2.0 – Unauthorized Sensitive Data Exposure | CVE 2023-7204 | Plugin Vulnerabilities

Description

The plugin allows access to cache files during the cloning process which provides
unauthorized access to sensitive data

Proof of Concept

1) When an admin creates a staging site, an attacker can capture a `.cache` file which reveals sensitive information including: DB_name, DB_tables, DB_columns.
2) These files can be accessed at these URLs during backup: 
	- http://127.0.0.1/wordpress/wp-content/uploads/wp-staging/clone_options.cache
	- http://127.0.0.1/wordpress/wp-content/uploads/wp-staging/files_to_copy.cache

Affects Plugins

Fixed in 3.2.0

References

CVE

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

65a8cf83-d6cc-4d4c-a482-288a83a69879

Timeline

Publicly Published

2024-01-05 (about 1 year ago)

Added

2024-01-05 (about 1 year ago)

Last Updated

2024-01-05 (about 1 year ago)

Other

Published

Title

Published

2022-08-01

Title

Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure

Published

2023-12-13

Title

Debug Log Manager < 2.3.0 - Sensitive Logs Exposure

Published

2025-01-06

Title

Member Access <= 1.1.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

Published

2023-10-13

Title

Libsyn Publisher Hub <= 1.4.4 - Sensitive Information Exposure

Published

2025-10-16

Title

MasterStudy LMS < 3.6.21 - Authenticated (Instructor+) Sensitive Information Exposure