Backup Migration Staging < 1.3.6 – Sensitive Data Exposure | CVE 2023-6271 | Plugin Vulnerabilities

Description

The plugin stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.

Proof of Concept

1) Run a backup of the site
2) Notice the following files are all publicly available while the site is being backed up:
./wp-content/plugins/backup-backup/includes/htaccess/db_tables/wp_links.sql
./wp-content/plugins/backup-backup/includes/htaccess/db_tables/wp_users.sql
./wp-content/plugins/backup-backup/includes/htaccess/db_tables/wp_termmeta.sql
./wp-content/plugins/backup-backup/includes/htaccess/bmi_logs_this_backup.log

(... the list is not exhaustive, virtually every table accessible to the site gets dumped in those log files ...)

Affects Plugins

Fixed in 1.3.6

References

CVE

URL

https://research.cleantalk.org/cve-2023-6271-backup-migration-unauth-sensitive-data-exposure-to-full-control-of-the-site-poc-exploit

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

7ac217db-f332-404b-a265-6dc86fe747b9

Timeline

Publicly Published

2023-12-07 (about 2 years ago)

Added

2023-12-08 (about 2 years ago)

Last Updated

2023-12-13 (about 2 years ago)

Other

Published

Title

Published

2022-03-22

Title

Ninja Forms < 3.6.8-wp - Unauthenticated Email Address Disclosure

Published

2025-01-16

Title

WM Options Import Export <= 1.0.1 - Unauthenticated Information Exposure

Published

2025-07-29

Title

Atarim < 4.2.2 - Unauthenticated Information Exposure

Published

2024-10-14

Title

Elementor < 3.24.6 - Contributor+ Information Exposure via get_image_alt

Published

2024-08-16

Title

Contest Gallery < 23.1.3 - Unauthenticated Information Exposure