CVE-2021-39327

Exploit

EPSS 72.33%
Veröffentlicht 17.09.2021 11:15:08
Zuletzt bearbeitet 21.11.2024 06:19:14
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

BulletProof Security <= 5.1 Sensitive Information Disclosure

BulletProof Security <= 5.1 - Sensitive Information Disclosure

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.

Mögliche Gegenmaßnahme

BulletProof Security: Update to version 5.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ait-pro ≫ Bulletproof Security SwPlatformwordpress Version <= 5.1

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt BulletProof Security

Version *-5.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	72.33%	0.994

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html

Third Party Advisory

Exploit

VDB Entry

https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327

Third Party Advisory

Exploit

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2591118%40bulletproof-security&new=2591118%40bulletproof-security&sfp_email=&sfph_mail=

Patch

Third Party Advisory

https://www.exploit-db.com/exploits/50382

Third Party Advisory

Exploit

VDB Entry

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/4735c491-9595-42b8-bb1c-1b18c89fcf7a

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-39327

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-39327

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-39327

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-39327