The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.
References
Configurations
History
21 Nov 2024, 08:47
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=cve - Patch, Third Party Advisory |
01 Feb 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
First Time |
Softaculous backuply
Softaculous |
|
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=cve - Patch, Third Party Advisory | |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail= - Patch | |
CPE | cpe:2.3:a:softaculous:backuply:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
27 Jan 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-27 05:15
Updated : 2024-11-21 08:47
NVD link : CVE-2024-0697
Mitre link : CVE-2024-0697
CVE.ORG link : CVE-2024-0697
JSON object : View
Products Affected
softaculous
- backuply
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')