2.7
CVE-2023-5775
- EPSS 0.16%
- Veröffentlicht 26.02.2024 16:27:49
- Zuletzt bearbeitet 08.04.2026 18:18:33
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginBackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with administrator-level access, to retrieve the password from the password input field in the UI or from the options table where the password is stored.
Mögliche Gegenmaßnahme
BackWPup – WordPress Backup & Restore Plugin: Update to version 4.0.3, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
BackWPup – WordPress Backup & Restore Plugin
Version
*-4.0.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.377 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
|
| security@wordfence.com | 2.2 | 0.7 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
|
CWE-256 Plaintext Storage of a Password
Storing a password in plaintext may result in a system compromise.