CVE-2023-6505

HIGH NUCLEI

Prime Mover < 1.9.3 - Directory Listing in Export File Directories

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-6505. PoCs published by halilkirazkaya. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains functional proof-of-concept exploits for multiple CVEs, including CVE-2023-6505. Each exploit includes detailed HTTP requests or commands to demonstrate the vulnerability, such as remote file inclusion, path traversal, and unauthorized metadata updates.

Description

The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files.

Exploits (1)

github WORKING POC 4 stars
by halilkirazkaya · poc
https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2023/CVE-2023-6505.md

This repository contains functional proof-of-concept exploits for multiple CVEs, including CVE-2023-6505. Each exploit includes detailed HTTP requests or commands to demonstrate the vulnerability, such as remote file inclusion, path traversal, and unauthorized metadata updates.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Various (WordPress plugins, QNAP Photo Station, IBM Data Risk Manager, etc.)
No auth needed
Prerequisites: Network access to the target system · Specific vulnerable software installed
devstral-2 · analyzed Feb 27, 2026 Full analysis →

Nuclei Templates (1)

Prime Mover < 1.9.3 - Sensitive Data Exposure
HIGHby s4e-io
FOFA: body="/wp-content/plugins/prime-mover"

References (1)

Core 1
Core References
Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/eca6f099-6af0-4f42-aade-ab61dd792629

Scores

CVSS v3 7.5
EPSS 0.7378
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

Status published
Products (1)
codexonics/prime_mover < 1.9.3
Published Jan 08, 2024
Tracked Since Feb 18, 2026