The Backup Migration plugin for... CVE-2023-6266

- AV AC AU C I A
发布: 2024-01-11
修订: 2024-01-17

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more.

0%
暂无可用Exp或PoC
当前有1条受影响产品信息