Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-2294

Published: 16/03/2024 Updated: 17/03/2024

Vulnerability Summary

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for malicious users to have an account with only activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/be3bd1f2-092c-47c4-a4e4-3365e107c57f?source=cvehttps://plugins.trac.wordpress.org/browser/backuply/trunk/main/ajax.php#L78https://plugins.trac.wordpress.org/browser/backuply/trunk/functions.php#L1615https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050547%40backuply&new=3050547%40backuply&sfp_email=&sfph_mail=https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook