A critical vulnerability, CVE-2023-7232, has been uncovered in the Backup and Restore WordPress (BackITup) plugin, leaving websites susceptible to unauthenticated sensitive data exposure. This flaw poses a significant threat to the confidentiality of sensitive information stored on WordPress websites.
Main info:
| CVE | CVE-2023-7232 |
| Plugin | Backup and Restore WordPress (BackITup) <= 1.45 |
| Critical | High |
| All Time | 672 697 |
| Active installations | 10 000+ |
| Publicly Published | March 5, 2023 |
| Last Updated | March 5, 2023 |
| Researcher | Dmtirii Ignatyev |
| OWASP TOP-10 | A3: Sensitive Data Exposure |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7232 https://wpscan.com/vulnerability/323fef8a-aa17-4698-9a02-c12d1d390763/ |
| Plugin Security Certification by CleanTalk |  |
Timeline
| December 18, 2023 | Plugin testing and vulnerability detection in the Backup and Restore WordPress (BackITup) have been completed |
| December 18, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| March 5, 2024 | Registered CVE-2024-1273 |
Discovery of the Vulnerability
During security assessments of the Backup and Restore WordPress plugin, researchers identified a logic flaw in the handling of directories, specifically within /wordpress/wp-content/plugins/wp-backitup/logs. This vulnerability allows unauthorized users to access and retrieve sensitive data stored in log files without requiring authentication.
Understanding of Sensitive Data Exposure attack’s
Sensitive data exposure occurs when critical information, such as configuration details, directory structures, and file contents, is inadvertently made accessible to unauthorized parties. In the case of WordPress, this vulnerability exposes essential site information contained within log files, including debug logs, backup status reports, and database upgrade logs. Attackers can exploit this flaw to gather valuable intelligence about the target website’s architecture and potentially sensitive data.
Exploiting the Sensitive Data Exposure Vulnerability
Exploiting this vulnerability is relatively straightforward for attackers. By accessing URLs corresponding to the exposed log files, malicious actors can download and inspect the contents remotely. This includes obtaining full links to backup folders in instances where backups are successful, providing adversaries with insights into the site’s backup infrastructure.
POC:
- There is a lot of sensitive data and most importantly, you can download this logs to your machine and read it. These files may also contain a full link to the backup folders if the backup is successful:
“http://your_site/wordpress/wp-content/plugins/wp-backitup/logs/debug_usage.log””http://your_site/wordpress/wp-content/plugins/wp-backitup/logs/backup_status.log”
“http://your_site/wordpress/wp-content/plugins/wp-backitup/logs/backup_response.log”
“http://your_site/wordpress/wp-content/plugins/wp-backitup/logs/debug_DATABASE_Upgrade.log”
“http://your_site/wordpress/wp-content/plugins/wp-backitup/logs/debug_PLUGIN_Upgrade.log”___
The potential risks associated with CVE-2023-7232 are significant. Unauthorized access to sensitive information could lead to further exploitation, such as targeted attacks aimed at compromising the website’s integrity, extracting confidential data, or launching subsequent cyberattacks. Real-world scenarios may involve threat actors leveraging the exposed data to orchestrate sophisticated attacks, including phishing campaigns, credential harvesting, or even ransomware deployment.
Recommendations for Improved Security
To mitigate the risk posed by CVE-2023-7232 and similar vulnerabilities, website administrators are advised to take immediate action. This includes:
- Applying patches or updates provided by the plugin vendor to address the vulnerability.
- Implementing access controls and authentication mechanisms to restrict unauthorized access to sensitive data.
- Regularly monitoring log files and system activity for any signs of suspicious behavior or unauthorized access.
- Employing security best practices, such as using strong passwords, enabling two-factor authentication, and keeping plugins and themes updated to the latest versions.
By proactively addressing these security measures, website owners can enhance their defenses against potential data breaches and protect the confidentiality, integrity, and availability of their WordPress websites.
#WordPressSecurity #SensitiveDataExposure #WebsiteSafety #StayProtected #HighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.
