← back
CVE-2021-39327

BulletProof Security <= 5.1 Sensitive Information Disclosure

CVSS 5.3 MEDIUMEPSS 72.3%CWE-200
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
AITpro · BulletProof Security
public PoCs found2
cve_referencepacketstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.htmlunverifiedcve_referencewww.exploit-db.com/exploits/50382unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.htmlhttps://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2591118%40bulletproof-security&new=2591118%40bulletproof-security&sfp_email=&sfph_mail=https://www.exploit-db.com/exploits/50382https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327