WordPress Plugin Vulnerabilities

Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure

Description

The plugin does not prevent directory listing in sensitive directories containing export files.

Proof of Concept

http://127.0.0.1/wordpress/wp-content/uploads/prime-mover-export-files/1/
0) Go to packages and crate new (If there is no backup now)
1) Go to this URL manualy
2) Use Exploit

Affects Plugins

Plugin icon
prime-mover
Fixed in 1.9.3

References

CVE
CVE-2023-6505
URL
https://research.cleantalk.org/cve-2023-6505-prime-mover-poc-exploit/

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
https://research.cleantalk.org
Verified
Yes
WPVDB ID
eca6f099-6af0-4f42-aade-ab61dd792629

Timeline

Publicly Published
2023-11-24 (about 5 months ago)
Added
2023-12-12 (about 5 months ago)
Last Updated
2023-12-13 (about 5 months ago)

Other

Published
Title
Published
2023-12-28
Title
WP Stripe Checkout < 1.2.2.38 - Sensitive Information Exposure via Debug Log
Published
2024-02-02
Title
WP Visitor Statistics (Real Time Traffic) < 6.9.5 - Sensitive Information Exposure via Log File
Published
2023-09-25
Title
WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing
Published
2024-04-22
Title
Simply Static < 3.1.4 - Unauthenticated Information Exposure
Published
2024-04-01
Title
WPFront User Role Editor < 4.1.0 - Limited Information Exposure