
WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure

CVE-2023-44982
Verified

Description

Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina) versions up to 6.4.5 contain a vulnerability that exposes sensitive information to unauthorized actors, letting attackers access confidential data. Exploitation requires no specific conditions.

Severity

Medium

CVSS Score

5.3

Exploit Probability

13%

Affected Product

perfect-images

Published Date

February 7, 2026

Template Author

pussycat0x

CVE-2023-44982.yaml
id: CVE-2023-44982

info:
  name: WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure
  author: pussycat0x
  severity: medium
  description: |
    Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina) versions up to 6.4.5 contain a vulnerability that exposes sensitive information to unauthorized actors, letting attackers access confidential data, exploit requires no specific conditions.
  impact: |
    Unauthorized actors can access sensitive information, leading to privacy breaches and potential data misuse.
  remediation: |
    Update to version 6.4.6 or later.
  reference:
    - https://wpscan.com/vulnerability/aba0c4a1-e253-4b5b-b46d-239567567b16/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2023-44982
    cwe-id: CWE-200
    epss-score: 0.12906
    epss-percentile: 0.94143
  metadata:
    verified: true
    max-request: 3
    vendor: meowapps
    product: perfect-images
    framework: wordpress
    publicwww-query: "/wp-content/plugins/wp-retina-2x/"
    fofa-query: body="/wp-content/plugins/wp-retina-2x/"
  tags: cve,cve2023,wordpress,wp-plugin,wp-retina-2x

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/wp-retina-2x/classes/wp-retina-2x.log"
      - "{{BaseURL}}/wp-content/uploads/wp-retina-2x.log"
      - "{{BaseURL}}/wp-content/uploads/wp-retina-2x-logs.txt"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "RETINA"
          - "PATH"
          - "thumbnail"
          - "wp-content"
          - "Full-Size"
          - "uploads"
        condition: and

      - type: regex
        part: body
        regex:
          - '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:'

      - type: status
        status:
          - 200
# digest: 490a0046304402204d326608093eb5e478cc7a168bd48324f4ecc9be542cda57c7a34cc1654558b0022008f4e2cd3ee86f5b1afa508fe218149b899717804c84d5a81e4477c3afc66e77:922c64590222798bb761d5b6d8e72950

CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE ID: CVE-2023-44982
CWE ID: CWE-200

References

https://wpscan.com/vulnerability/aba0c4a1-e253-4b5b-b46d-239567567b16/

Remediation Steps

Update to version 6.4.6 or later.