Managefy WordPress Plugin Sensitive Information Exposure Vulnerability
Vulnerability
A vulnerability allowing sensitive information exposure has been identified in the File Manager, Code Editor, and Backup by Managefy plugin for WordPress. This issue affects all versions through 1.6.1 and arises from publicly accessible log files. The vulnerability enables unauthenticated attackers to access sensitive data such as full file paths and locations of backup files, which are recorded in the exposed log files.
Impact
Exploitation of this vulnerability allows unauthorized users to access sensitive information, including full file paths and details about backup file locations, potentially leading to further attacks or data manipulation.
Reproduction
The vulnerability can be reproduced by accessing the publicly exposed log files generated by the Managefy WordPress plugin. These log files contain sensitive information such as full paths and details about backup files, which can be viewed by unauthenticated users.
Remediation
Users are advised to update the Managefy WordPress plugin to version 1.6.2 or a newer patched version.
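The following is an added example, not part of the original advisory or the plugin's code: a local audit that walks a plugin directory on the server and reports log files containing the two kinds of data the advisory names, full file paths and backup file locations. The regular expressions, the `.log`/`.txt` suffix list and the sample log lines are assumptions, since the advisory does not give the log file names or format.

```python
import os
import re
import sys

# Heuristic patterns (assumptions, not the plugin's actual log format).
ABS_PATH = re.compile(r"(?<![\w.:/])/(?:[\w.\-]+/)+[\w.\-]+|\b[A-Za-z]:\\[\w.\-\\]+")
BACKUP = re.compile(r"[\w.\-]+\.(?:zip|tar|tar\.gz|tgz|sql|bak)\b", re.IGNORECASE)
LOG_SUFFIXES = (".log", ".txt")

# Constructed sample lines, used only when no directory is given.
SAMPLE_LOG = """\
[2024-01-01 10:00:00] Backup created: /var/www/html/wp-content/uploads/backup-20240101.zip
[2024-01-01 10:00:05] Editor saved file /var/www/html/wp-config.php
[2024-01-01 10:01:00] Session started
"""

def classify(line):
    """Return the kinds of sensitive data a single log line appears to contain."""
    kinds = set()
    if ABS_PATH.search(line):
        kinds.add("absolute_path")
    if BACKUP.search(line):
        kinds.add("backup_file")
    return kinds

def audit_text(text):
    """Count lines per finding kind across a log's contents."""
    counts = {"absolute_path": 0, "backup_file": 0}
    for line in text.splitlines():
        for kind in classify(line):
            counts[kind] += 1
    return counts

def audit_tree(root):
    """Walk a plugin directory and report log-like files that contain findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(LOG_SUFFIXES):
                path = os.path.join(dirpath, name)
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    counts = audit_text(fh.read())
                if any(counts.values()):
                    report[path] = counts
    return report

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(audit_tree(target) if target else audit_text(SAMPLE_LOG))
```

Run it with the plugin directory as the only argument; with no argument it scans the constructed sample.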
