Unrestricted File Upload Vulnerability in Azzaroco WP SuperBackup
CVE-2024-56064

10CRITICAL

Key Information:

Vendor: WordPress
Status: WP Superbackup
Vendor: CVE Published:; 31 December 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 18%

What is CVE-2024-56064?

A vulnerability has been identified in Azzaroco WP SuperBackup that permits unauthorized and unrestricted uploading of files to the web server. This allows potential attackers to upload a web shell, which can be exploited for malicious purposes such as executing commands on the server. The issue impacts versions from n/a through 2.3.3 of the WP SuperBackup plugin. Prompt attention and updating to a secure version is crucial to mitigate the risk of exploitation.

Affected Version(s)

WP SuperBackup <= 2.3.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-56064
Created by RandomRobbieBF

References

https://patchstack.com/database/wordpress/plugin/indeed-w...

vdb-entry

EPSS Score

18% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 10, 2025
👾
Exploit known to exist
Jan 10, 2025
Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 14, 2024

Credit

Dave Jong (Patchstack)

WordPress

Badges

What is CVE-2024-56064?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

EPSS Score

CVSS V3.1

Timeline

Credit