Vulnerability Details CVE-2021-39327
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.913
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html
- https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2591118%40bulletproof-security&new=2591118%40bulletproof-security&sfp_email=&sfph_mail=
- https://www.exploit-db.com/exploits/50382
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327
- http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html
- https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2591118%40bulletproof-security&new=2591118%40bulletproof-security&sfp_email=&sfph_mail=
- https://www.exploit-db.com/exploits/50382
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327
Products affected by CVE-2021-39327
-
cpe:2.3:a:ait-pro:bulletproof_security:.44
-
cpe:2.3:a:ait-pro:bulletproof_security:.44.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.45
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.46
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.47
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.48
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.49
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.50
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.51
-
cpe:2.3:a:ait-pro:bulletproof_security:.51.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.51.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.51.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.51.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.51.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.51.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.51.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.51.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.51.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.52
-
cpe:2.3:a:ait-pro:bulletproof_security:.52.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.52.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.52.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.52.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.52.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.52.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.52.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.52.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.52.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.53
-
cpe:2.3:a:ait-pro:bulletproof_security:.53.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.53.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.53.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.53.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.53.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.53.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.53.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.53.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.53.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.54
-
cpe:2.3:a:ait-pro:bulletproof_security:.54.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.54.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.54.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.54.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.54.5
-
cpe:2.3:a:ait-pro:bulletproof_security:1.0
-
cpe:2.3:a:ait-pro:bulletproof_security:1.1
-
cpe:2.3:a:ait-pro:bulletproof_security:2.0
-
cpe:2.3:a:ait-pro:bulletproof_security:2.1
-
cpe:2.3:a:ait-pro:bulletproof_security:2.2
-
cpe:2.3:a:ait-pro:bulletproof_security:2.3
-
cpe:2.3:a:ait-pro:bulletproof_security:2.4
-
cpe:2.3:a:ait-pro:bulletproof_security:2.5
-
cpe:2.3:a:ait-pro:bulletproof_security:2.6
-
cpe:2.3:a:ait-pro:bulletproof_security:2.7
-
cpe:2.3:a:ait-pro:bulletproof_security:2.8
-
cpe:2.3:a:ait-pro:bulletproof_security:2.9
-
cpe:2.3:a:ait-pro:bulletproof_security:3.0
-
cpe:2.3:a:ait-pro:bulletproof_security:3.1
-
cpe:2.3:a:ait-pro:bulletproof_security:3.2
-
cpe:2.3:a:ait-pro:bulletproof_security:3.3
-
cpe:2.3:a:ait-pro:bulletproof_security:3.4
-
cpe:2.3:a:ait-pro:bulletproof_security:3.5
-
cpe:2.3:a:ait-pro:bulletproof_security:3.6
-
cpe:2.3:a:ait-pro:bulletproof_security:3.7
-
cpe:2.3:a:ait-pro:bulletproof_security:3.8
-
cpe:2.3:a:ait-pro:bulletproof_security:3.9
-
cpe:2.3:a:ait-pro:bulletproof_security:4.0
-
cpe:2.3:a:ait-pro:bulletproof_security:4.1
-
cpe:2.3:a:ait-pro:bulletproof_security:4.2
-
cpe:2.3:a:ait-pro:bulletproof_security:4.3
-
cpe:2.3:a:ait-pro:bulletproof_security:4.4
-
cpe:2.3:a:ait-pro:bulletproof_security:4.5
-
cpe:2.3:a:ait-pro:bulletproof_security:4.6
-
cpe:2.3:a:ait-pro:bulletproof_security:4.7
-
cpe:2.3:a:ait-pro:bulletproof_security:4.8
-
cpe:2.3:a:ait-pro:bulletproof_security:4.9
-
cpe:2.3:a:ait-pro:bulletproof_security:5.0
-
cpe:2.3:a:ait-pro:bulletproof_security:5.1