FastDup – Fastest WordPress Migration & Duplicator < 2.2 – Directory Listing to Account Takeover and Sensitive Data Exposure | CVE 2023-6592 | Plugin Vulnerabilities

Description

The plugin does not prevent directory listing in sensitive directories containing export files.

Proof of Concept

1) Run backup function http://your_site/wordpress/wp-admin/admin.php?page=njt-fastdup#/
2) During backup creation, you can intercept the following paths:
wordpress/wp-content/plugins/fastdup/logs
wordpress/wp-content/njt-fastdup/tmp
3) After backup go to /wordpress/wp-content/njt-fastdup/packages/ and see all backup files inside directory

Affects Plugins

Fixed in 2.2

References

CVE

URL

https://research.cleantalk.org/cve-2023-6592-fastdup-database-users-password-leak-poc-exploit/

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

a39bb807-b143-4863-88ff-1783e407d7d4

Timeline

Publicly Published

2024-01-15 (about 3 months ago)

Added

2024-01-15 (about 3 months ago)

Last Updated

2024-01-16 (about 3 months ago)

Other

Published

Title

Published

2024-04-05

Title

WordPress Backup & Migration < 1.4.8 - Unauthenticated Sensitive Information Exposure

Published

2022-10-31

Title

DeepL Pro API Translation < 1.7.5 - API Key Disclosure

Published

2024-02-02

Title

LearnDash LMS < 4.10.3 - Sensitive Information Exposure via API

Published

2021-09-09

Title

WordPress 5.4 to 5.8 - Data Exposure via REST API

Published

2021-03-03

Title

User Profile Picture < 2.5.0 - Sensitive Information Disclosure