Backup Migration < 1.3.7 – Unauthenticated Arbitrary File Download to Sensitive Information Exposure | CVE 2023-6266 | Plugin Vulnerabilities

Description

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more.

Affects Plugins

Fixed in 1.3.7

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/08801f53-3c57-41a3-a637-4b52637cc612

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Rafshanzani Suhada

Verified

No

WPVDB ID

c987a54e-eb98-4942-ab67-5e0283b0f4de

Timeline

Publicly Published

2023-11-30 (about 2 years ago)

Added

2023-12-01 (about 2 years ago)

Last Updated

2024-01-22 (about 2 years ago)

Other

Published

Title

Published

2023-11-06

Title

Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure

Published

2025-02-23

Title

System Dashboard < 2.8.19 - Authenticated (Subscriber+) Sensitive Information Exposure

Published

2025-08-14

Title

Awesome Support < 6.3.7 - Information Exposure

Published

2025-01-30

Title

Order Export for WooCommerce < 3.25 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

Published

2025-06-27

Title

Accept Stripe Payments Using Contact Form 7 < 3.1 - Unauthenticated Information Exposure