WordPress Plugin Vulnerabilities
Backup Migration Staging < 1.3.6 - Sensitive Data Exposure
Description
The plugin stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.
Proof of Concept
1) Run a backup of the site 2) Notice the following files are all publicly available while the site is being backed up: ./wp-content/plugins/backup-backup/includes/htaccess/db_tables/wp_links.sql ./wp-content/plugins/backup-backup/includes/htaccess/db_tables/wp_users.sql ./wp-content/plugins/backup-backup/includes/htaccess/db_tables/wp_termmeta.sql ./wp-content/plugins/backup-backup/includes/htaccess/bmi_logs_this_backup.log (... the list is not exhaustive, virtually every table accessible to the site gets dumped in those log files ...)
Affects Plugins
Fixed in 1.3.6 References
Classification
Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
CWE
Miscellaneous
Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-12-07 (about 5 months ago)
Added
2023-12-08 (about 5 months ago)
Last Updated
2023-12-13 (about 5 months ago)
WPScan 