Description
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected products
- AITpro / BulletProof Security5.1 – 5.1
Exploits & PoCs
- nucleiWordPress BulletProof Security 5.1 Information Disclosureby geeknik
References
- VENDOR_ADVISORYhttps://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327
- MISChttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2591118%40bulletproof-security&new=2591118%40bulletproof-security&sfp_email=&sfph_mail=
- EXPLOIThttp://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html
- MISChttps://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327
- EXPLOIThttps://www.exploit-db.com/exploits/50382