{ "id": "CVE-2023-7236", "sourceIdentifier": "contact@wpscan.com", "published": "2024-03-18T19:15:06.207", "lastModified": "2024-12-04T15:15:08.850", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information." }, { "lang": "es", "value": "El complemento Backup Bolt de WordPress hasta la versi\u00f3n 1.3.0 es vulnerable a la exposici\u00f3n de la informaci\u00f3n a trav\u00e9s del acceso desprotegido a los registros de depuraci\u00f3n. Esto hace posible que atacantes no autenticados recuperen el registro de depuraci\u00f3n que puede contener informaci\u00f3n como errores del sistema que podr\u00edan contener informaci\u00f3n confidencial." } ], "metrics": { "cvssMetricV31": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } ] }, "weaknesses": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "references": [ { "url": "https://wpscan.com/vulnerability/2a4557e2-b764-4678-a6d6-af39dd1ba76b/", "source": "contact@wpscan.com" }, { "url": "https://wpscan.com/vulnerability/2a4557e2-b764-4678-a6d6-af39dd1ba76b/", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }