
CVE-2023-6565: CWE-922 Insecure Storage of Sensitive Information in infinitewp InfiniteWP Client

Medium
Published: Tue Feb 20 2024 (02/20/2024, 18:56:24 UTC)
Source: CVE
Vendor/Project: infinitewp
Product: InfiniteWP Client

Description

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window of the backup process.

AI-Powered Analysis

Last updated: 06/21/2025, 22:55:56 UTC

Technical Analysis

CVE-2023-6565 is a vulnerability identified in the InfiniteWP Client plugin for WordPress, affecting all versions up to and including 1.12.3. The vulnerability is classified under CWE-922, which pertains to the insecure storage of sensitive information. Specifically, the flaw arises during the multi-call backup process, where a temporary SQL file containing sensitive data is created. During the limited time window when this temporary file exists, unauthenticated attackers can issue repeated HTTP GET requests to access and extract the contents of this file. This exposure occurs because the plugin does not adequately protect or restrict access to the temporary backup file, allowing attackers to retrieve sensitive information without any authentication or user interaction. The vulnerability is time-sensitive, relying on the backup process window, but the ability to automate repeated requests increases the risk of successful exploitation. No known exploits have been reported in the wild as of the publication date, and no official patches have been released yet. The vulnerability impacts the confidentiality of sensitive data stored or processed by the InfiniteWP Client plugin, potentially exposing database credentials, site configuration details, or other critical information stored in the SQL backup file. The plugin is widely used by WordPress administrators to manage multiple WordPress sites, making this vulnerability relevant to a broad set of users who rely on InfiniteWP for site management and backups.

Potential Impact

For European organizations, the exposure of sensitive information through this vulnerability could lead to significant confidentiality breaches. Organizations using InfiniteWP Client to manage multiple WordPress sites risk unauthorized disclosure of database credentials, site configurations, or other sensitive data, which could facilitate further attacks such as privilege escalation, data theft, or site defacement. This is particularly critical for sectors with strict data protection regulations like GDPR, where leakage of personal or sensitive data can result in regulatory penalties and reputational damage. The vulnerability's exploitation does not require authentication or user interaction, increasing the risk of automated attacks targeting vulnerable WordPress installations. Given the widespread use of WordPress and InfiniteWP in Europe, especially among small and medium enterprises (SMEs) and digital agencies, this vulnerability could be leveraged to compromise multiple sites, disrupt business operations, or serve as a foothold for more advanced persistent threats. The limited time window for exploitation somewhat reduces the risk, but automated scanning and exploitation tools could still effectively target vulnerable installations. The lack of known exploits in the wild currently suggests a lower immediate threat level, but the medium severity rating indicates a need for prompt attention to prevent future exploitation.

Mitigation Recommendations

1. Immediate mitigation involves disabling the multi-call backup feature in InfiniteWP Client until a secure patch is released.
2. Monitor backup processes closely and restrict access to the backup directory via web server configuration (e.g., using .htaccess rules or equivalent) to prevent unauthorized HTTP GET requests to temporary files.
3. Implement web application firewall (WAF) rules to detect and block repeated GET requests targeting backup-related URLs or temporary SQL files.
4. Limit exposure by restricting access to the WordPress admin and plugin directories to trusted IP addresses where feasible.
5. Regularly audit and monitor logs for unusual access patterns during backup windows.
6. Upon availability, promptly apply official patches or updates from InfiniteWP addressing this vulnerability.
7. Educate site administrators on the risks of enabling multi-call backup options and encourage alternative backup strategies that do not expose sensitive temporary files.
8. Consider isolating WordPress management tools on dedicated, hardened environments to reduce the attack surface.

These steps go beyond generic advice by focusing on controlling access to temporary files, monitoring backup processes, and leveraging network-level protections to mitigate exploitation risks.
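Recommendations 3 and 5 call for spotting repeated GET requests for temporary SQL files during a backup window. The following detector is an added example written for this page, not code from InfiniteWP or the advisory: it reads combined-format access-log lines and flags any client that polls .sql paths under wp-content more than a threshold number of times inside a sliding time window, and separately counts whether a 200 was ever served. The file path, the sample traffic and the thresholds are all assumptions, since the advisory names none of them.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined (Apache/Nginx) access-log line; timestamp is "%d/%b/%Y:%H:%M:%S %z".
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# The advisory does not name the temporary file, so this is an assumption: treat any
# .sql (optionally compressed) path under wp-content as a backup artefact.
SQL_PATH_RE = re.compile(r'^/wp-content/.*\.sql(\.\w+)?(\?|$)', re.IGNORECASE)

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "method": m["method"], "path": m["path"],
            "status": int(m["status"]),
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")}

def find_backup_polling(lines, window_seconds=60, threshold=5):
    """Map ip -> {"attempts", "downloads"} for clients that sent at least `threshold`
    GETs for .sql paths within any `window_seconds` span; downloads > 0 means a 200
    was served, i.e. the temporary file was actually exposed."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "GET" and SQL_PATH_RE.match(rec["path"]):
            per_ip[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):  # sliding window over the sorted requests
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                findings[ip] = {"attempts": len(recs),
                                "downloads": sum(r["status"] == 200 for r in recs)}
                break
    return findings

# Constructed sample traffic (not a real log): one client polls the temp file until it exists.
def _line(ip, sec, path, status):
    return (f'{ip} - - [20/Feb/2024:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "curl/8.0"')
SQL = "/wp-content/uploads/backup-temp.sql"
SAMPLE_LOG = ([_line("203.0.113.5", s, SQL, 404) for s in range(0, 25, 5)]
              + [_line("203.0.113.5", 25, SQL, 200), _line("198.51.100.7", 3, "/", 200),
                 _line("192.0.2.9", 8, SQL, 404), _line("192.0.2.9", 40, SQL, 404)])
```

Running `find_backup_polling(SAMPLE_LOG)` reports only 203.0.113.5 (six attempts, one successful download); a client with a single 200 but no polling pattern would still be worth an alert in a WAF rule, which this sliding-window check deliberately leaves to a separate rule.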


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2023-12-06T22:10:27.105Z
CISA Enriched: true

Threat ID: 682d9849c4522896dcbf6ad8

Added to database: 5/21/2025, 9:09:29 AM

Last enriched: 6/21/2025, 10:55:56 PM

Last updated: 7/31/2025, 6:07:01 AM
