Unrestricted File Upload Vulnerability in Azzaroco WP SuperBackup
CVE-2024-56064
Key Information:
- Vendor: WordPress
- CVE Published: 31 December 2024
What is CVE-2024-56064?
Azzaroco WP SuperBackup contains an unrestricted file upload vulnerability that permits unauthorized uploading of files to the web server. An attacker can use it to upload a web shell, which can then be used for malicious purposes such as executing commands on the server. The issue affects all versions of the WP SuperBackup plugin up to and including 2.3.3. Promptly updating to a secure version is crucial to mitigate the risk of exploitation.
Affected Version(s)
WP SuperBackup <= 2.3.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
EPSS Score
18% chance of being exploited in the next 30 days.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved