cbcvebase.
CVE-2023-6505
published 2024-01-08

CVE-2023-6505: The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files.

PriorityP268high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
39.87%
98.4th percentile
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files.

Affected

1 ranges
VendorProductVersion rangeFixed in
codexonicsprime_mover< 1.9.31.9.3

Detection & IOCsextracted from sources · hover to see the quote

path/wp-content/uploads/prime-mover-export-files/1/
path/wp-content/uploads/prime-mover-export-files/1/
filename.wprime
otherbody="/wp-content/plugins/prime-mover"
  • Send an unauthenticated HTTP GET request to /wp-content/uploads/prime-mover-export-files/1/ and check for directory listing response containing 'Index of /wp-content/uploads/prime-mover-export-files/1' or '.wprime' in the body with HTTP 200 status.
  • Look for WordPress sites exposing the Prime Mover plugin path in page body as a passive discovery signal.
  • Exploitation requires no authentication; unauthenticated attackers can directly access the export directory to extract sensitive data including password hashes.
  • ·The vulnerable directory listing path includes a user-ID subfolder ('1/'); other user IDs may also be exposed if additional WordPress users have export files.
  • ·Affected versions are all Prime Mover releases up to and including 1.9.2; the fix was introduced in 1.9.3.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.