WordPress Plugin Vulnerabilities

WP Reset < 2.0 - Sensitive Information Exposure due to Insufficient Randomness

Description

The plugin is vulnerable to Sensitive Information Exposure via the use of insufficiently random snapshot names, allowing unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames.

Affects Plugins

Plugin icon
wp-reset
Fixed in 2.0

References

CVE
CVE-2023-6799
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/68f41e88-ed36-4361-bddd-41495a540cd9

Miscellaneous

Original Researcher
Justin Kennedy
Verified
No
WPVDB ID
f18ef2f2-bab7-43d3-a4c3-0db396bf1be8

Timeline

Publicly Published
2024-03-26 (about 2 years ago)
Added
2024-03-27 (about 2 years ago)
Last Updated
2024-03-27 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
Myriad 2.0 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download
Published
2019-02-04
Title
Instagram Feed < 1.12 - Unspecified Issues
Published
2023-06-28
Title
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) < 7.6.5 - Authentication Bypass
Published
2014-08-01
Title
Lazyest Gallery 0.10.4.3 - Multiple File/Directory Insecure Permissions Local Content Manipulation
Published
2018-06-21
Title
WordPress Comments Import & Export <= 2.0.4 - CSV Injection