PT-2024-15238 · WordPress · Backup/Restore Wordpress – Backup Plugin
Dmitry Ignatyev
·
Published
2024-03-06
·
Updated
2025-05-07
·
CVE-2023-7232
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Backup and Restore WordPress plugin versions 1.45 and earlier
Description
The issue allows unauthenticated users to access sensitive information, such as site configuration, by not protecting some log files. This poses a severe threat to WordPress sites using the affected plugin. Unauthenticated users can access sensitive data.
Recommendations
For versions 1.45 and earlier, update to a version that contains a fix for this issue to prevent unauthenticated access to sensitive data. As a temporary workaround, consider restricting access to log files until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Backup/Restore Wordpress – Backup Plugin