CVE-2021-39327 (GCVE-0-2021-39327)
Vulnerability from cvelistv5
Published
2021-09-17 10:26
Modified
2025-03-31 18:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AITpro | BulletProof Security |
Version: 5.1 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:42.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/50382"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-39327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T18:21:40.049342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T18:21:46.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BulletProof Security",
"vendor": "AITpro",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vincent Rakotomanga"
}
],
"datePublic": "2021-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T19:34:40.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/50382"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 5.2 or newer of the plugin."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "BulletProof Security \u003c= 5.1 Sensitive Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"DATE_PUBLIC": "2021-09-16T15:36:00.000Z",
"ID": "CVE-2021-39327",
"STATE": "PUBLIC",
"TITLE": "BulletProof Security \u003c= 5.1 Sensitive Information Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BulletProof Security",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.1",
"version_value": "5.1"
}
]
}
}
]
},
"vendor_name": "AITpro"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vincent Rakotomanga"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
},
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail=",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
},
{
"name": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
},
{
"name": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327",
"refsource": "MISC",
"url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
},
{
"name": "https://www.exploit-db.com/exploits/50382",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/50382"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 5.2 or newer of the plugin."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-39327",
"datePublished": "2021-09-17T10:26:21.264Z",
"dateReserved": "2021-08-20T00:00:00.000Z",
"dateUpdated": "2025-03-31T18:21:46.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-39327\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2021-09-17T11:15:08.647\",\"lastModified\":\"2024-11-21T06:19:14.770\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.\"},{\"lang\":\"es\",\"value\":\"El plugin BulletProof Security de WordPress es vulnerable a una divulgaci\u00f3n de informaci\u00f3n confidencial debido a una divulgaci\u00f3n de la ruta de archivos en el archivo ~/db_backup_log.txt de acceso p\u00fablico que otorga a los atacantes la ruta completa del sitio, adem\u00e1s de la ruta de los archivos de copia de seguridad de la base de datos. Esto afecta a las versiones hasta la 5.1, incluy\u00e9ndola\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-459\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof_security:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"5.1\",\"matchCriteriaId\":\"F41E2B5F-BB18-4CAE-B3ED-FAA663B2F397\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html\",\"source\":\"security@wordfence.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327\",\"source\":\"security@wordfence.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail=\",\"source\":\"security@wordfence.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/50382\",\"source\":\"security@wordfence.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327\",\"source\":\"security@wordfence.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail=\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/50382\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail=\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/50382\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T02:06:42.320Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-39327\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-31T18:21:40.049342Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-31T18:21:34.288Z\"}}], \"cna\": {\"title\": \"BulletProof Security \u003c= 5.1 Sensitive Information Disclosure\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Vincent Rakotomanga\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"AITpro\", \"product\": \"BulletProof Security\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.1\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to version 5.2 or newer of the plugin.\"}], \"datePublic\": \"2021-09-16T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail=\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.exploit-db.com/exploits/50382\", \"tags\": [\"x_refsource_MISC\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Information Exposure\"}]}], \"providerMetadata\": {\"orgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"shortName\": \"Wordfence\", \"dateUpdated\": \"2022-02-07T19:34:40.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Vincent Rakotomanga\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, \"source\": {\"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_name\": \"5.1\", \"version_value\": \"5.1\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"BulletProof Security\"}]}, \"vendor_name\": \"AITpro\"}]}}, \"solution\": [{\"lang\": \"en\", \"value\": \"Update to version 5.2 or newer of the plugin.\"}], \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327\", \"name\": \"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327\", \"refsource\": \"MISC\"}, {\"url\": \"https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail=\", \"name\": \"https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail=\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html\", \"name\": \"http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327\", \"name\": \"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.exploit-db.com/exploits/50382\", \"name\": \"https://www.exploit-db.com/exploits/50382\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-200 Information Exposure\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-39327\", \"AKA\": \"Wordfence\", \"STATE\": \"PUBLIC\", \"TITLE\": \"BulletProof Security \u003c= 5.1 Sensitive Information Disclosure\", \"ASSIGNER\": \"security@wordfence.com\", \"DATE_PUBLIC\": \"2021-09-16T15:36:00.000Z\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-39327\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-31T18:21:46.022Z\", \"dateReserved\": \"2021-08-20T00:00:00.000Z\", \"assignerOrgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"datePublished\": \"2021-09-17T10:26:21.264Z\", \"assignerShortName\": \"Wordfence\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…