Vulnerability Details : CVE-2023-6113
The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later.
Products affected by CVE-2023-6113
- cpe:2.3:a:wp-staging:wp_staging:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6113
0.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 55 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6113
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST | 2024-01-08 |
References for CVE-2023-6113
-
https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/
CVE-2023-6113 - WP Staging - Unauth Sensitive Data Exposure to Account Takeover - POC/Exploit - Use only certified WordPress plugins for your websiteExploit;Third Party Advisory
-
https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb
Just a moment...Exploit;Third Party Advisory
Jump to