FastDup – Fastest WordPress Migration & Duplicator < 2.2 – Directory Listing to Account Takeover and Sensitive Data Exposure | CVE 2023-6592 | Plugin Vulnerabilities

Description

The plugin does not prevent directory listing in sensitive directories containing export files.

Proof of Concept

1) Run backup function http://your_site/wordpress/wp-admin/admin.php?page=njt-fastdup#/
2) During backup creation, you can intercept the following paths:
wordpress/wp-content/plugins/fastdup/logs
wordpress/wp-content/njt-fastdup/tmp
3) After backup go to /wordpress/wp-content/njt-fastdup/packages/ and see all backup files inside directory

Affects Plugins

Fixed in 2.2

References

CVE

URL

https://research.cleantalk.org/cve-2023-6592-fastdup-database-users-password-leak-poc-exploit/

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

a39bb807-b143-4863-88ff-1783e407d7d4

Timeline

Publicly Published

2024-01-15 (about 4 months ago)

Added

2024-01-15 (about 4 months ago)

Last Updated

2024-01-16 (about 4 months ago)

Other

Published

Title

Published

2022-08-01

Title

Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure

Published

2024-02-02

Title

Post Thumbnail Editor <= 2.4.8 - Sensitive Information Exposure

Published

2023-12-04

Title

Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

Published

2023-09-11

Title

WooCommerce < 7.0.1 - Authenticated(Shop Manager+) Sensitive Information Exposure

Published

2024-04-22

Title

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder < 2.6.1 - Information Exposure