{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7315", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-07-30T21:02:19.738Z", "datePublished": "2024-10-02T06:00:02.453Z", "dateUpdated": "2025-08-27T12:00:47.136Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-08-27T12:00:47.136Z"}, "title": "Migration, Backup, Staging \u2013 WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure", "problemTypes": [{"descriptions": [{"description": "CWE-530 Exposure of Backup File to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Migration, Backup, Staging", "versions": [{"status": "affected", "versionType": "semver", "version": "0.9.103", "lessThan": "0.9.106"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups."}], "references": [{"url": "https://wpscan.com/vulnerability/456b728b-a451-4afb-895f-850ddc4fb589/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Dmitrii Ignatyev", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"affected": [{"vendor": "wpvivid_team", "product": "migration_backup_staging", "cpes": ["cpe:2.3:a:wpvivid_team:migration_backup_staging:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.9.106", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T16:30:50.957014Z", "id": "CVE-2024-7315", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T16:33:45.248Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-7315", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T16:30:50.957014Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wpvivid_team:migration_backup_staging:*:*:*:*:*:*:*:*"], "vendor": "wpvivid_team", "product": "migration_backup_staging", "versions": [{"status": "affected", "version": "0", "lessThan": "0.9.106", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T16:33:34.499Z"}}], "cna": {"title": "Migration, Backup, Staging \u2013 WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Migration, Backup, Staging", "versions": [{"status": "affected", "version": "0.9.103", "lessThan": "0.9.106", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/456b728b-a451-4afb-895f-850ddc4fb589/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-530 Exposure of Backup File to an Unauthorized Control Sphere"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-08-25T14:34:24.077Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7315", "state": "PUBLISHED", "dateUpdated": "2025-08-25T14:34:24.077Z", "dateReserved": "2024-07-30T21:02:19.738Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-10-02T06:00:02.453Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpvivid:migration\\,_backup\\,_staging:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EA02E65F-146B-43EB-B489-2452A1024787", "versionEndExcluding": "0.9.106", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups."}, {"lang": "es", "value": "El complemento Migration, Backup, Staging de WordPress anterior a 0.9.106 no utiliza suficiente aleatoriedad en el nombre del archivo que se crea al generar una copia de seguridad, lo que podr\u00eda ser forzado por atacantes para filtrar informaci\u00f3n confidencial sobre dichas copias de seguridad."}], "id": "CVE-2024-7315", "lastModified": "2025-05-16T20:32:49.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-10-02T06:15:09.963", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/456b728b-a451-4afb-895f-850ddc4fb589/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-338"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}