WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.2.0 – Unauthorized Sensitive Data Exposure | CVE 2023-7204 | Plugin Vulnerabilities

Description

The plugin allows access to cache files during the cloning process which provides
unauthorized access to sensitive data

Proof of Concept

1) When an admin creates a staging site, an attacker can capture a `.cache` file which reveals sensitive information including: DB_name, DB_tables, DB_columns.
2) These files can be accessed at these URLs during backup: 
	- http://127.0.0.1/wordpress/wp-content/uploads/wp-staging/clone_options.cache
	- http://127.0.0.1/wordpress/wp-content/uploads/wp-staging/files_to_copy.cache

Affects Plugins

Fixed in 3.2.0

References

CVE

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

65a8cf83-d6cc-4d4c-a482-288a83a69879

Timeline

Publicly Published

2024-01-05 (about 4 months ago)

Added

2024-01-05 (about 4 months ago)

Last Updated

2024-01-05 (about 4 months ago)

Other

Published

Title

Published

2021-08-26

Title

PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure

Published

2021-02-23

Title

Web-Stat < 1.4.1 - API Key Disclosure

Published

2021-08-18

Title

BuddyPress < 9.1.1 - Activation Key Disclosure

Published

2021-03-26

Title

Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure

Published

2021-09-09

Title

WordPress 5.4 to 5.8 - Data Exposure via REST API