CyberRota
← Ana sayfaya dön

CVE-2026-14503

MEDIUM · CVSS 6.5

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-17T05:16:37.960 · Çekilme zamanı: 2026-07-17T06:08:09.185590+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-14503
Severity
MEDIUM
CVSS
6.5
EPSS
Yok
WordPress

Orijinal NVD Açıklaması

The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.3 via the wp2pcl_ajax_process_request_inner. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract force generation of a full-site backup archive written to a publicly accessible directory, exposing wp-config.php database credentials, WordPress secret salts, and the complete PHP source tree. The resulting archive is deposited in the plugin's unprotected tmp/ directory at a predictable URL, making the extracted data accessible to unauthenticated visitors once the backup is triggered.