CVE-2023-7165

Summary

The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.

Affected Software

VendorProductVersion RangeStatus
UnknownJetBackup0 < 2.0.9.9affected

Weaknesses

  • CWE-200 Information Exposure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References