CVE-2023-6750: 
WordPress vulnerability analysis and mitigation

CVE-2023-6750 is a security vulnerability affecting the Clone WordPress plugin versions before 2.4.3. The vulnerability was discovered by Dmitrii Ignatyev and publicly disclosed on December 18, 2023. The issue stems from the plugin's handling of backup information, where buffer files containing sensitive data are stored in a publicly accessible, statically defined file path (WPScan).

The vulnerability is classified as a Sensitive Data Disclosure issue (CWE-200) with a CVSS v3.1 base score of 7.5 (High). The technical nature of the vulnerability involves the plugin's backup process, where temporary buffer files containing sensitive information are stored in predictable, publicly accessible locations. This implementation falls under the OWASP Top 10 category A3: Sensitive Data Exposure (WPScan, NVD).

The vulnerability allows unauthenticated visitors to access sensitive backup information during an active backup process. Specifically, attackers can potentially access critical files including 'file.list', 'database.sql', and 'prefix.txt' stored in the wp-content/uploads/wp-clone/wpclone_backup/ directory, which could contain sensitive database and system information (WPScan).

The vulnerability has been fixed in version 2.4.3 of the Clone WordPress plugin. Users are strongly advised to update to this version or later to mitigate the risk (WPScan).