CVE-2023-6750 Scanner

CVE-2023-6750 Scanner - Information Disclosure vulnerability in WordPress WP Clone

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 7 hours
Scan only one: URL

WordPress WP Clone is a widely used plugin that assists WordPress users in creating backups and transferring their websites. It is employed by administrators and developers who wish to migrate their WordPress sites efficiently and ensure data protection. Particularly popular among those who manage multiple WordPress sites, it provides an easy-to-use interface for backup and cloning tasks. The plugin automates many of the technical aspects of site migration, aiming to reduce manual errors and save time. Users appreciate it for its ability to back up entire sites quickly, including databases, theme files, and other critical data. WP Clone's user-friendly approach makes it a preferred choice for both novice and experienced WordPress users.

The Information Disclosure vulnerability in WordPress WP Clone allows unauthorized access to backup data. This vulnerability stems from the plugin storing backup information in publicly accessible files, leading to potential exposure of sensitive data. Attackers can exploit this by locating these files and gaining access without special privileges. Once accessed, they can read confidential data, including user information and system configurations. The flaw is predominantly present in versions of WP Clone up to 2.4.2. If exploited, this could result in severe information leaks, impacting both site operators and visitors.

The vulnerability exists because backup data files are stored at a static file path that is publicly accessible via HTTP. Specifically, the backup files, which contain information such as database schemas and user credentials, are stored within 'wp-content/uploads/wp-clone/wpclone_backup/'. Exploiting this flaw requires sending HTTP GET requests to known file paths, with the response expected to contain SQL structures such as 'CREATE TABLE' or 'INSERT INTO'. When successful, a response with HTTP status 200 is received, confirming access to sensitive backup data. Exploitation is possible because these paths lack adequate access restrictions.
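For an asset owner reviewing past exposure, the following added example (not part of the scanner or the plugin) searches a web server access log for requests under the backup directory named above and separates requests that returned content from ones that were refused. It assumes the common/combined log format; the sample lines, IP addresses and the file name EXAMPLE.sql are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Backup directory named on this page (WP Clone up to 2.4.2).
BACKUP_DIR = "/wp-content/uploads/wp-clone/wpclone_backup/"

# Common/combined access log format is assumed; adapt for a custom LogFormat.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize(target):
    """Drop the query, decode %xx, collapse //, ./ and ../, then lowercase."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_backup_hits(lines):
    """Return one dict per request that touched the WP Clone backup directory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not (normalize(m["target"]) + "/").startswith(BACKUP_DIR):
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        # 200/206 with a body means backup content left the server.
        verdict = "served" if status in (200, 206) and size > 0 else "probe"
        hits.append({"ip": m["ip"], "time": m["ts"], "status": status,
                     "bytes": size, "path": normalize(m["target"]),
                     "verdict": verdict})
    return hits

# Constructed sample lines (documentation IP ranges, placeholder file name).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-content/uploads/wp-clone/wpclone_backup/EXAMPLE.sql HTTP/1.1" 200 48213 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /wp-content/uploads//wp-clone/%77pclone_backup/ HTTP/1.1" 403 199 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jan/2024:10:05:00 +0000] "GET /wp-content/uploads/2024/01/photo.jpg HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Jan/2024:10:06:00 +0000] "GET /wp-content/uploads/wp-clone/wpclone_backup/../../2024/a.png HTTP/1.1" 200 10 "-" "x"',
]

if __name__ == "__main__":
    for hit in find_backup_hits(SAMPLE_LOG):
        print(hit)
```

Any "served" entry means the backup it names should be treated as disclosed, and the credentials it contains rotated.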

Exploitation of this vulnerability can lead to the exposure of sensitive backup data, which includes user credentials, configurations, and more. Attackers can manipulate or breach this data, potentially resulting in further unauthorized system access. This could lead to data theft, unauthorized data modifications, or complete data wipes, severely impacting the integrity of the targeted WordPress sites. Moreover, revealing password hashes and user details might facilitate further attacks like account takeovers or phishing schemes.
