This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: A sensitive information disclosure flaw in the **BulletProof Security** WordPress plugin. π **Consequences**: Attackers can leak the **full site path** and **database backup file paths**.β¦
π‘οΈ **Root Cause**: **CWE-200** (Information Exposure). The flaw lies in the publicly accessible **`~/db_backup_log.txt`** file. The plugin fails to restrict access to this log, exposing internal directory structures. π
Q3Who is affected? (Versions/Components)
π₯ **Affected**: **AITpro** vendor. π¦ **Product**: **BulletProof Security** plugin. π **Versions**: Up to and including **v5.1**. If you are running this version or older, you are at risk. β οΈ
Q4What can hackers do? (Privileges/Data)
π **Attacker Actions**: Gain **Read-Only** access to sensitive metadata. π΅οΈββοΈ Specifically, they obtain the **absolute file path** of the WordPress installation and the location of database backups.β¦
π **Exploitation Threshold**: **LOW**. π **Auth**: None required (Publicly accessible). βοΈ **Config**: No special configuration needed. The file is exposed by default in vulnerable versions.β¦
π₯ **Public Exploits**: **YES**. π **PoC**: Available on **Exploit-DB** (ID: 50382) and **GitHub** (Hacker5preme). π§ͺ **Scanner**: Nuclei templates are available for automated detection. Wild exploitation is trivial. π£
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Visit `http://your-site.com/~/db_backup_log.txt` (or similar path structure). π§ If the file returns content showing file paths instead of a 404 error, you are **VULNERABLE**.β¦
π οΈ **Official Fix**: **YES**. The vendor released a patch. π’ **Action**: Update BulletProof Security to a version **newer than 5.1**. Check the WordPress plugin repository for the latest secure release. β
Q9What if no patch? (Workaround)
π§ **No Patch Workaround**: If you cannot update immediately: 1. **Block Access**: Use `.htaccess` or WAF rules to deny access to `db_backup_log.txt`. 2. **Delete File**: Remove the file if it exists (if safe). 3.β¦
β³ **Urgency**: **HIGH**. π΄ **Priority**: Patch immediately. While it doesn't grant direct RCE, it provides critical reconnaissance data for attackers. It is an easy win for threat actors.β¦