{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-7236","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2024-01-18T20:42:45.975Z","datePublished":"2024-03-18T19:05:53.302Z","dateUpdated":"2024-12-04T14:59:43.541Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2024-03-18T19:05:53.302Z"},"title":"Backup Bolt <= 1.3.0 - Sensitive Data Exposure","problemTypes":[{"descriptions":[{"description":"CWE-200 Information Exposure","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Backup Bolt","versions":[{"status":"affected","versionType":"semver","version":"0","lessThanOrEqual":"1.3.0"}],"defaultStatus":"affected","collectionURL":"https://wordpress.org/plugins"}],"descriptions":[{"lang":"en","value":"The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information."}],"references":[{"url":"https://wpscan.com/vulnerability/2a4557e2-b764-4678-a6d6-af39dd1ba76b/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Dmitrii Ignatyev","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}],"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":4.7,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-03-19T14:19:38.967592Z","id":"CVE-2023-7236","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-04T14:59:43.541Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T08:57:35.245Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/2a4557e2-b764-4678-a6d6-af39dd1ba76b/","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]}]}}