CVE-2021-39327 — MEDIUM (5.3)

Q: How severe is CVE-2021-39327?

CVE-2021-39327 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-39327?

Check the references section above for vendor advisories and patch information. Affected products include: Ait-Pro Bulletproof Security.

Vulnerability Description

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ait-Pro	Bulletproof Security	<= 5.1

Related Weaknesses (CWE)

CWE-459 CWE-200

References

http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-IExploitThird Party AdvisoryVDB Entry
https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327ExploitThird Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatchThird Party Advisory
https://www.exploit-db.com/exploits/50382ExploitThird Party AdvisoryVDB Entry
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327Third Party Advisory
http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-IExploitThird Party AdvisoryVDB Entry
https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327ExploitThird Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatchThird Party Advisory
https://www.exploit-db.com/exploits/50382ExploitThird Party AdvisoryVDB Entry
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327Third Party Advisory

FAQ

What is CVE-2021-39327?

CVE-2021-39327 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the...

How severe is CVE-2021-39327?

CVE-2021-39327 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-39327?

Check the references section above for vendor advisories and patch information. Affected products include: Ait-Pro Bulletproof Security.