CVE-2024-7315

Summary

The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.

Affected Software

VendorProductVersion RangeStatus
UnknownMigration, Backup, Staging0.9.103 < 0.9.106affected

Weaknesses

  • CWE-530 Exposure of Backup File to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References