Insertion of Sensitive Information into Log File Vulnerability Affects WordPress Backup & Migration
CVE-2024-31254

7.5HIGH

Key Information:

Vendor: Wordpress
Status: WordPress Backup & Migration
Vendor: CVE Published:; 10 April 2024

Summary

A vulnerability exists in the WebToffee WordPress Backup & Migration plugin that allows sensitive information to be inadvertently logged, exposing it to unauthorized access. This issue can arise when improper logging practices within the plugin lead to sensitive data being captured and stored in log files. Affected users running versions prior to 1.4.7 should assess their exposure and take appropriate measures to secure their configurations.

Affected Version(s)

WordPress Backup & Migration <= 1.4.7

References

https://patchstack.com/database/vulnerability/wp-migratio...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Mar 29, 2024

Credit

Joshua Chan (Patchstack Alliance)