7.5
CVE-2024-10028
- EPSS 1.7%
- Published 06.11.2024 00:15:13
- Last modified 08.11.2024 21:21:47
- Source security@wordfence.com
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Information Disclosure via procstat Log
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup.
Possible mitigation
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: Update to version 2.2.14, or a newer patched version
Further vulnerability information
System: WordPress Plugin
Product: Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
Version: *-2.2.13
Data provided by the National Vulnerability Database (NVD)
Everestthemes ≫ Everest Backup, SwPlatform: wordpress, Version < 2.2.14
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.7% | 0.819 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-922 Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors.