Vulnerability Name: CVE-2018-19456 (CCN-161797)

Assigned: 2018-11-21
Published: 2018-11-21
Updated: 2019-05-08
Summary: The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql.
CVSS v3 Severity:
  7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
  6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:R)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): High
      Integrity (I): None
      Availability (A): None
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
  4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): Low
      Integrity (I): None
      Availability (A): None
CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): None
      Availability (A): None
  5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): None
      Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2018-19456

Source: SUSE
Type: Mailing List, Tool Signature
openSUSE-SU-2019:0021

Source: XF
Type: UNKNOWN
wp-cve201819456-info-disc(161797)

Source: CCN
Type: WordPress Web site
Create a Free Website or Blog

Source: CCN
Type: WPbackupplus Web site
Control All Your Sites From A Single Powerful Dashboard

Source: CCN
Type: EasyHack Web page
WordPress plugin Database Backup Information Disclosure Vulnerability

Source: MISC
Type: Third Party Advisory
https://www.easyhack.in/2018/11/21/wordpress-plugin-database-backup-information-disclosure-vulnerability/

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:wplaunchpad:wpbackupplus:*:*:*:*:*:wordpress:*:* (Version <= 2018-11-22)

Configuration 2:
  • cpe:/o:opensuse:leap:42.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201819456 | V | CVE-2018-19456 | 2022-09-02
oval:org.opensuse.security:def:10444 | P | Security update for MozillaFirefox (Important) (in QA) | 2022-01-14
oval:org.opensuse.security:def:10351 | P | Security update for python-Pygments (Important) | 2021-10-20
oval:org.opensuse.security:def:10329 | P | Security update for openssl-1_0_0 (Important) | 2021-08-24
oval:org.opensuse.security:def:10321 | P | Security update for libass (Important) | 2021-08-20
oval:org.opensuse.security:def:11302 | P | ft2demos-2.5.3-2.11 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11280 | P | cups-filters-1.0.58-2.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:10642 | P | Security update for MozillaThunderbird (Moderate) | 2021-06-04
oval:org.opensuse.security:def:10397 | P | Security update for salt (Critical) | 2021-02-26
oval:org.opensuse.security:def:16816 | P | libgit2-24-0.24.1-7.9.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3980 | P | libgit2-24-0.24.1-7.9.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:18115 | P | Security update for libzypp, zypper (Important) | 2020-12-01
oval:org.opensuse.security:def:17861 | P | Security update for libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18986 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18139 | P | Security update for php5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10578 | P | openexr-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18079 | P | Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important) | 2020-12-01
oval:org.opensuse.security:def:17804 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18348 | P | Security update for systemd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18127 | P | Security update for gnome-shell (Low) | 2020-12-01
oval:org.opensuse.security:def:10553 | P | libtidy-0_99-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18048 | P | Security update for util-linux (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17719 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:18326 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:18070 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10478 | P | libXv-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17991 | P | Security update for libpng16 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17685 | P | Security update for libpng16 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18314 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18038 | P | Security update for X Window System client libraries (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10459 | P | krb5-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17906 | P | Security update for git (Important) | 2020-12-01
oval:org.opensuse.security:def:18825 | P | Security update for libgit2 (Important) | 2020-12-01
oval:org.opensuse.security:def:17677 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18257 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:17928 | P | Security update for openssl (Important) | 2020-12-01
oval:org.opensuse.security:def:17872 | P | Security update for mariadb (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18799 | P | Security update for webkit2gtk3 (Important) | 2020-12-01
oval:org.opensuse.security:def:10629 | P | augeas-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18225 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17892 | P | Security update for postgresql94 (Important) | 2020-12-01
oval:org.opensuse.security:def:19012 | P | Security update for libgit2 (Important) | 2020-12-01
oval:org.opensuse.security:def:17864 | P | Security update for libXi (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18161 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10620 | P | NetworkManager on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:125969 | P | Security update for libgit2 (Important) | 2019-01-07
    wplaunchpad wpbackupplus *
    opensuse leap 42.3