CVE-2023-6113: 
WordPress vulnerability analysis and mitigation

CVE-2023-6113 affects the WP STAGING WordPress Backup Plugin (versions before 3.1.3) and WP STAGING Pro WordPress Backup Plugin (versions before 5.1.3). The vulnerability was discovered by Dmitrii Ignatyev and publicly disclosed on December 6, 2023. This security flaw allows unauthenticated attackers to access key information about ongoing backup processes and subsequently download these backups (WPScan, CleanTalk).

The vulnerability stems from the plugin's failure to properly secure temporary cache files created during backup processes. These files are publicly accessible and contain critical information, including backup secret IDs. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. It is classified as a Sensitive Data Disclosure vulnerability (CWE-200) and falls under the OWASP Top 10 category A3: Sensitive Data Exposure (WPScan).

The vulnerability allows unauthorized attackers to access sensitive backup data through exposed cache files. Attackers can obtain critical information about the site's configuration, directories, files, and database content. This exposure could potentially lead to system compromise and unauthorized access to sensitive information (CleanTalk).

The vulnerability has been patched in WP STAGING version 3.1.3 and WP STAGING Pro version 5.1.3. Users are strongly advised to update to these or later versions to protect against unauthorized access to backup data (WPScan).