WordPress BatchMove Plugin Information Disclosure Scanner

Detects an 'Information Disclosure' vulnerability in the WordPress BatchMove Plugin, affecting v. 1.5.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 22 days 11 hours
Scan only one: URL
Toolbox: -

The WordPress BatchMove Plugin is used by WordPress site administrators to manage database backups efficiently. It helps keep backups current, especially on sites that undergo substantial data changes. Site administrators and developers often use it to prevent data loss during updates or modifications. The plugin is integrated into WordPress sites to streamline the management of database backups, and its user-friendly interface lets admins generate backups quickly. The BatchMove Plugin is open-source, encouraging contributions to enhance its functionality and maintain security.

The Information Disclosure vulnerability in the WordPress BatchMove Plugin allows unauthorized users to access sensitive database information. This flaw exists in version 1.5, exposing sensitive information through inadequate access controls. Attackers can exploit this vulnerability to download confidential database files from the server. The root cause lies in the exposure of backup files without proper authentication safeguards. As a result, sensitive information like database credentials or confidential data, if stored in backups, is at risk of being accessed. Fixing this vulnerability involves patching these leaks and ensuring robust authentication mechanisms.

Technically, the vulnerability arises from insufficient security checks on the location where backup files are stored. Specifically, it is present at '{{BaseURL}}/wp-content/plugins/batchmove/sql/de-factuur-structure.sql', where {{BaseURL}} stands for the base URL of the scanned site. The server does not verify the user's identity before serving the database backup file at this path. The scanner identifies the vulnerability when an HTTP GET request to this path returns a '200' status and the response contains sensitive SQL statements such as 'CREATE TABLE'. Attackers can request the exposed path directly to retrieve database files. This flaw makes unauthorized data retrieval possible, threatening data privacy and integrity.
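For an asset owner, the same path and status check can be applied to existing web server logs to see whether the file has already been served to anyone. The following is an added example, not code from the scanner or the plugin; it assumes Apache/nginx "combined" access-log format, and the function name and sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Path named on the page ({{BaseURL}} is the site root).
EXPOSED_PATH = "/wp-content/plugins/batchmove/sql/de-factuur-structure.sql"

# Leading fields of an Apache/nginx "combined" access-log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-content/plugins/batchmove/sql/de-factuur-structure.sql HTTP/1.1" 200 18342 "-" "curl/8.4.0"',
    '198.51.100.7 - - [12/Mar/2024:10:05:40 +0000] "GET /wp-content/plugins/batchmove/sql/de-factuur-structure.sql HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Mar/2024:11:15:09 +0000] "GET /wp-content/plugins/batchmove/sql/de-factuur-structure%2Esql?x=1 HTTP/1.1" 200 18342 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2024:11:20:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"',
]


def find_backup_downloads(lines):
    """Return (ip, time, bytes) for every GET that was served the SQL file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET" or m.group("status") != "200":
            continue
        # Drop the query string, decode %xx escapes and collapse ./ and ../
        # so differently spelled requests for the same file are still matched.
        path = posixpath.normpath(unquote(m.group("path").split("?", 1)[0]))
        if path == EXPOSED_PATH:
            size = 0 if m.group("size") == "-" else int(m.group("size"))
            hits.append((m.group("ip"), m.group("time"), size))
    return hits


if __name__ == "__main__":
    for ip, when, size in find_backup_downloads(SAMPLE_LOG):
        print(f"{when}  {ip}  served {size} bytes of {EXPOSED_PATH}")
```

Any hit means the contents of the backup file should be treated as disclosed to that client.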

Exploiting this vulnerability can have severe consequences, such as unauthorized access to confidential and sensitive database information. Attackers may utilize this information to manipulate or damage the database, leading to data loss or corruption. Such information disclosure can also allow adversaries to gain insight into the database structure, aiding further attacks like SQL Injection. Additionally, access to sensitive information can help attackers in orchestrating social engineering attacks or gaining unauthorized control of the website. Finally, the availability of such sensitive data can lead to legal implications for failing to protect user data adequately.
