{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6113", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-11-13T21:19:58.462Z", "datePublished": "2024-01-01T14:18:58.931Z", "dateUpdated": "2025-06-18T14:57:10.430Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-01-01T14:18:58.931Z"}, "title": "WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download", "problemTypes": [{"descriptions": [{"description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "WP STAGING WordPress Backup Plugin", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "3.1.3"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}, {"vendor": "Unknown", "product": "WP STAGING Pro WordPress Backup Plugin", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "5.1.3"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later."}], "references": [{"url": "https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb", "tags": ["exploit", "vdb-entry", "technical-description"]}, {"url": "https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/", "tags": ["technical-description"]}], "credits": [{"lang": "en", "value": "Dmitrii Ignatyev", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.325Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/", "tags": ["technical-description", "x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-01-02T14:42:19.402865Z", "id": "CVE-2023-6113", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-18T14:57:10.430Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/", "tags": ["technical-description", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.325Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-6113", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-02T14:42:19.402865Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-18T14:57:04.168Z"}}], "cna": {"title": "WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "WP STAGING WordPress Backup Plugin", "versions": [{"status": "affected", "version": "0", "lessThan": "3.1.3", "versionType": "semver"}], "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}, {"vendor": "Unknown", "product": "WP STAGING Pro WordPress Backup Plugin", "versions": [{"status": "affected", "version": "0", "lessThan": "5.1.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb", "tags": ["exploit", "vdb-entry", "technical-description"]}, {"url": "https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/", "tags": ["technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-200 Information Exposure"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-01-01T14:18:58.931Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6113", "state": "PUBLISHED", "dateUpdated": "2025-06-18T14:57:10.430Z", "dateReserved": "2023-11-13T21:19:58.462Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-01-01T14:18:58.931Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wp-staging:wp_staging:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6249078F-54BE-4941-9345-AD52EBC82EEC", "versionEndExcluding": "3.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later."}, {"lang": "es", "value": "WP STAGING WordPress Backup Plugin anterior a 3.1.3 y WP STAGING Pro WordPress Backup Plugin anterior a 5.1.3 no impiden que los visitantes filtren informaci\u00f3n clave sobre los procesos de copia de seguridad en curso, lo que permite a atacantes no autenticados descargar dichas copias de seguridad m\u00e1s tarde."}], "id": "CVE-2023-6113", "lastModified": "2025-06-18T15:15:25.073", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-01T15:15:43.243", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}