WordPress Plugin Vulnerabilities

WP Retina 2x < 6.4.6 - Sensitive Information Exposure

Description

The Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.5 due to guessable log file names. This makes it possible for unauthenticated attackers to extract sensitive data.

Affects Plugins

Plugin icon
wp-retina-2x
Fixed in 6.4.6

References

CVE
CVE-2023-44982
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/52c2aae5-17c2-45eb-b55f-bb27555fb1f7

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Joshua Chan
Verified
No
WPVDB ID
aba0c4a1-e253-4b5b-b46d-239567567b16

Timeline

Publicly Published
2023-11-28 (about 2 years ago)
Added
2023-12-07 (about 2 years ago)
Last Updated
2023-12-07 (about 2 years ago)

Other

Published
Title
Published
2025-07-21
Title
Birth Chart Compatibility <= 2.0 - Unauthenticated Full Path Exposure
Published
2025-02-28
Title
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss < 2.7.0 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
Published
2025-01-03
Title
Post/Page Copying Tool < 2.0.1 - Unauthenticated Sensitive Information Exposure
Published
2024-07-13
Title
UsersWP < 1.2.12 - Users Information Disclosure
Published
2024-05-07
Title
WP Job Manager < 2.3.0 - Unauthenticated Information Exposure