WordPress Plugin Vulnerabilities
Clone < 2.4.3 - Unauthenticated Backup Download
Description
The plugin writes in-progress backup data to buffer files under a publicly accessible, statically defined path inside the uploads directory. Because the path is fixed and the web server serves it without authentication, anyone who requests those files while a backup job is running receives the site's file list, database dump and table prefix.
Proof of Concept
While a backup job is running, unauthenticated visitors can fetch any of the following files (it may take a few attempts, since the files only exist for the duration of the job and the timing needs to be right):
http://127.0.0.1/wordpress/wp-content/uploads/wp-clone/wpclone_backup/file.list
http://127.0.0.1/wordpress/wp-content/uploads/wp-clone/wpclone_backup/database.sql
http://127.0.0.1/wordpress/wp-content/uploads/wp-clone/wpclone_backup/prefix.txt
Classification
Type
SENSITIVE DATA DISCLOSURE
Miscellaneous
Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Verified
Yes
Timeline
Publicly Published
2023-12-18
Added
2023-12-18
Last Updated
2023-12-20