WordPress Plugin Vulnerabilities

Backup Migration < 1.4.4 - Information Exposure via Log Files

Description

The Backup Migration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3 via log files. This makes it possible for unauthenticated attackers to extract potentially sensitive information via log files.

Affects Plugins

Plugin icon
backup-backup
Fixed in 1.4.4

References

CVE
CVE-2024-32686
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/af870e80-ad9e-4f45-952f-9ffb07ceca9c

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
emad
Verified
No
WPVDB ID
8ccd8ce5-0c98-46f0-81f0-d673d65ec82d

Timeline

Publicly Published
2024-04-17 (about 2 years ago)
Added
2024-04-24 (about 2 years ago)
Last Updated
2024-04-24 (about 2 years ago)

Other

Published
Title
Published
2024-02-21
Title
Maintenance Page < 1.0.9 - Security Mechanism Bypass via REST API
Published
2024-03-25
Title
WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
Published
2024-02-27
Title
Under Construction / Maintenance Mode from Acurax <= 2.6 - Information Exposure
Published
2021-06-30
Title
Title Field Validation <= 1.1 - Unauthorised AJAX Calls
Published
2024-12-11
Title
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce < 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation