7.5
CVE-2023-6113
- EPSS 0.78%
- Veröffentlicht 01.01.2024 15:15:43
- Zuletzt bearbeitet 18.06.2025 15:15:25
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download
WP STAGING WordPress Backup Plugin Free <= 3.1.2 and Pro <= 5.1.2 - Sensitive Information Exposure
The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later.
Mögliche Gegenmaßnahme
WP STAGING – WordPress Backup, Migration, Clone & Duplicate: Update to version 3.1.3, or a newer patched version
WP STAGING Pro WordPress Backup Plugin: Update to version 5.1.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wp-staging ≫ Wp Staging SwPlatformwordpress Version < 3.1.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP STAGING – WordPress Backup, Migration, Clone & Duplicate
Version
[*, 3.1.3)
SystemWordPress Plugin
≫
Produkt
WP STAGING Pro WordPress Backup Plugin
Version
[*, 5.1.3)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.78% | 0.512 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/
https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e03668-c9ee-4c4b-8240-998ef45a5326