Skip to main content

CVE-2021-39327

Description

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.

Wordfence
Severity: MEDIUM
CVE ID: CVE-2021-39327
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-39327

Refrence: Project Discovery GitHub

Description
Proof Of Concept