JetBackup < 2.0.9.9 – Directory Listing Exposing Backups | CVE 2023-7165 | Plugin Vulnerabilities

Description

The plugin doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.

A partial fix was released in 2.0.9.6, removing the ability to list the directory but still allowing direct access to the files by only guessing the timestamp of the backup.

Proof of Concept

1) Run backup function http://your_site/wordpress/wp-admin/admin.php?page=backup_guard_backups
2) When the scan is over, the attacker must sort through the directory "/wordpress/wp-content/uploads/jetbackup/*", after which there will be a Directory Listing vulnerability in it, which will allow pumping out all backup and all logs. This vulnerability will be available if a person names the file in a simple way.

Affects Plugins

Fixed in 2.0.9.9

References

CVE

URL

https://research.cleantalk.org/cve-2023-7165-jetbackup-poc/

YouTube Video

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

ad1ef4c5-60c1-4729-81dd-f626aa0ce3fe

Timeline

Publicly Published

2023-11-30 (about 2 years ago)

Added

2024-02-02 (about 1 year ago)

Last Updated

2024-02-07 (about 1 year ago)

Other

Published

Title

Published

2024-09-24

Title

Themesflat Addons For Elementor < 2.2.2 - Contributor+ Information Exposure

Published

2025-08-14

Title

Awesome Support <= 6.3.5 - Information Exposure

Published

2025-04-18

Title

AnalyticsWP <= 2.1.2 - Unauthenticated Sensitive Information Exposure

Published

2025-12-06

Title

Rehub < 19.9.9.2 - Unauthenticated Information Exposure

Published

2025-09-22

Title

WP < 6.8.3 - Author+ DOM Stored XSS