5.3
CVE-2021-39327
- EPSS 91.28%
- Veröffentlicht 17.09.2021 11:15:08
- Zuletzt bearbeitet 21.11.2024 06:19:14
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginBulletProof Security <= 5.1 - Sensitive Information Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
Mögliche Gegenmaßnahme
BulletProof Security: Update to version 5.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
BulletProof Security
Version
* - 5.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ait-pro ≫ Bulletproof Security SwPlatformwordpress Version <= 5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 91.28% | 0.996 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-459 Incomplete Cleanup
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.