Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
CVE-2021-24155

7.2HIGH

Key Information:

Vendor: Wordpress
Status: WordPress Backup And Migrate Plugin – Backup Guard
Vendor: CVE Published:; 5 April 2021

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 92%

What is CVE-2021-24155?

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

Affected Version(s)

WordPress Backup and Migrate Plugin – Backup Guard 1.6.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-24155.rb
Created by 0dayNinja

References

https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-...

x_refsource_CONFIRM

http://packetstormsecurity.com/files/163382/WordPress-Bac...

x_refsource_MISC

http://packetstormsecurity.com/files/163623/WordPress-Bac...

x_refsource_MISC

EPSS Score

92% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 30, 2021
👾
Exploit known to exist
Jul 30, 2021
Vulnerability published
Apr 5, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)

CVE-2021-24155 Data

JSON

Wordpress

Badges

What is CVE-2021-24155?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

EPSS Score

CVSS V3.1

Timeline

Credit