Security Advisory

CVE-2021-39327

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-17 10:26:21
Last updated 2025-03-31 18:21:46
Assigner Wordfence
State PUBLISHED

Description

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.