ThreatPress

WordPress Vulnerabilities Database

WordPress Backup Plugin 2.0.1 - Information Disclosure

Product
Backup
Description
The WordPress Backup plugin is prone to an information disclosure vulnerability. The default configuration exposes a log file containing the filenames of the actual backups, and these backup files are available for download. Depending on the settings, this gives access to a copy of the WordPress database, content, plugins or uploads.
Solution
By default, the local folder path setting should be set to a value that cannot be guessed. Until a fix is available, users can configure the plugin accordingly.
Classification
Type Information Disclosure
OWASP Top 10 A6: Sensitive Data Exposure
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 2.0.1
Fixed In 2.0.2
Disclosure date
2012-07-02
Credits
Stephan Knauss