Unauthorized Access to Sensitive System Information
CVE-2024-48024

7.5HIGH

Key Information:

Vendor: WordPress
Status: Keep Backup Daily
Vendor: CVE Published:; 17 October 2024

Summary

A vulnerability exists in the Keep Backup Daily plugin developed by Fahad Mahmood, which permits unauthorized access to sensitive system information. This issue allows attackers to retrieve embedded sensitive data, potentially leading to significant privacy breaches. The vulnerability affects versions from 'n/a' through 2.0.7, highlighting the importance for users to immediately assess their installations and take necessary actions to mitigate potential risks.

Affected Version(s)

Keep Backup Daily <= 2.0.7

References

https://patchstack.com/database/vulnerability/keep-backup...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Oct 8, 2024

Credit

Joshua Chan (Patchstack Alliance)