WordPress Plugin Vulnerabilities

WP SuperBackup < 2.4 - Unauthenticated Arbitrary File Upload

Description

The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
indeed-wp-superbackup
Fixed in 2.4

References

CVE
CVE-2024-56064
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5d5c553f-247d-4feb-8027-822cfaca4adf

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
ab939130-3a48-4179-8722-0f09340aee4d

Timeline

Publicly Published
2024-12-18 (about 1 year ago)
Added
2025-01-08 (about 1 year ago)
Last Updated
2025-01-08 (about 1 year ago)

Other

Published
Title
Published
2021-06-01
Title
Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE
Published
2024-08-05
Title
Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload
Published
2025-12-02
Title
Modula 2.13.1 - 2.13.2 - Author+ Arbitrary File Upload via Race Condition
Published
2022-08-09
Title
WPide < 3.0 - Admin+ Arbitrary File Edit & Upload
Published
2025-09-09
Title
Responsive Filterable Portfolio < 1.0.25 - Authenticated (Admin+) Arbitrary File Upload