id: CVE-2023-6592 info: name: WordPress FastDup <= 2.1.9 Sensitive Information Exposure - Directory Listing author: pussycat0x severity: medium description: | FastDup WordPress plugin < 2.2 contains a directory listing vulnerability caused by lack of access restrictions in sensitive directories, letting attackers view export files, exploit requires no authentication. impact: | Attackers can access sensitive export files, potentially leading to information disclosure. remediation: | Update to version 2.2 or later. reference: - https://wpscan.com/vulnerability/a39bb807-b143-4863-88ff-1783e407d7d4/ - https://wordpress.org/plugins/fastdup/ - https://plugins.trac.wordpress.org/changeset/3012664 - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/fastdup/fastdup-219-sensitive-information-exposure-via-directory-listing classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2023-6592 cwe-id: CWE-548 epss-score: 0.04397 epss-percentile: 0.89277 metadata: verified: true max-request: 3 shodan-query: http.component:"WordPress" fofa-query: body="wp-content/njt-fastdup" google-query: inurl:"/wp-content/njt-fastdup/packages/" intitle:"Index of" tags: cve,cve2023,wordpress,wp-plugin,fastdup,log,wp http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/fastdup/logs/" matchers-condition: and matchers: - type: word part: body words: - "Index of" - "Parent Directory" condition: or - type: word part: header words: - "text/html" - type: status status: - 200 extractors: - type: regex part: body group: 1 name: listed-files regex: - 'href="([^"]+\.(zip|sql|log|txt|json|gz|tar))"' # digest: 4b0a00483046022100f20bfad41789278ac2fd5ff56cfca4598f870d8d93f3ef6d82f21feeb6ca31e8022100d34cc550584fe90b961449897b7dded9c442fc5a360177dd0271908ce8c85d70:922c64590222798bb761d5b6d8e72950