Bruteforce Vulnerability in WordPress Plugin Could Leak Sensitive Backup Information
CVE-2024-7315

Currently unrated

Key Information:

Vendor: Wordpress
Status: Migration, Backup, Staging
Vendor: CVE Published:; 2 October 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.

Affected Version(s)

Migration, Backup, Staging 0.9.103 < 0.9.106

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-7315 - Proof of Concept

References

https://wpscan.com/vulnerability/456b728b-a451-4afb-895f-...

exploitvdb-entrytechnical-description

Timeline

🟡
Public PoC available
Oct 2, 2024
👾
Exploit known to exist
Oct 2, 2024
Vulnerability published
Oct 2, 2024
Vulnerability Reserved
Jul 30, 2024

Credit

Dmitrii Ignatyev

WPScan