Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2023-6972

Published: 23/12/2023 Updated: 29/12/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Backup Migration

Vulnerability Summary

The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated malicious users to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.

Vulnerable Product Search on Vulmon Subscribe to Product

backupbliss backup migration

References

CWE-22https://www.wordfence.com/threat-intel/vulnerabilities/id/0a3ae696-f67d-4ed2-b307-d2f36b6f188c?source=cvehttps://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/backup-heart.phphttps://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/bypasser.phphttps://plugins.trac.wordpress.org/changeset/3012745/backup-backuphttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook