Vulnerability Details : CVE-2020-7241
Potential exploit
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.
Products affected by CVE-2020-7241
- cpe:2.3:a:wpseeds:wp_database_backup:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-7241
0.50%
Probability of exploitation activity in the next 30 days
EPSS Score History
~65%
Percentile: the proportion of vulnerabilities scored at or below this value
CVSS scores for CVE-2020-7241
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | 
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | 
CWE ids for CVE-2020-7241
- The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-7241
- https://zeroauth.ltd/blog/2020/01/21/analysis-on-cve-2020-7241-misrepresenting-a-security-vulnerability/ (Analysis on CVE-2020-7241, misrepresenting a security vulnerability? – ZeroAuth) Third Party Advisory
- https://wordpress.org/plugins/wp-database-backup/#developers (WP Database Backup – WordPress plugin | WordPress.org) Third Party Advisory
- https://github.com/V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin/blob/master/README.md (Exploiting-WP-Database-Backup-WordPress-Plugin/README.md at master · V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin · GitHub) Exploit; Third Party Advisory