WordPress · Bulletproof Security · CVE-2021-39327
Name of the Vulnerable Software and Affected Versions:
BulletProof Security WordPress plugin versions up to, and including, 5.1
Description:
The issue concerns sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db backup log.txt file. This grants attackers the full path of the site, in addition to the path of database backup files.
Recommendations:
For versions up to, and including, 5.1, update to a version higher than 5.1 to resolve the issue. As a temporary workaround, consider restricting access to the ~/db backup log.txt file to minimize the risk of exploitation.