WordPress Backup & Migration < 1.4.9 – Missing Authorization to Directory Traversal | CVE 2024-3546 | Plugin Vulnerabilities

Description

The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above, to invoke this function and access log files maintained by the plugin. Additionally, the file name is user-provided and not properly sanitized, which allows attackers to read arbitrary log files on the file system.

Affects Plugins

wp-migration-duplicator

Fixed in 1.4.9

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/339c4eba-fa34-4db6-be4b-bcf0ba98121a

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Verified

No

WPVDB ID

bba55623-dfa6-4683-9ff1-45425dae34ba

Timeline

Publicly Published

2024-04-22 (about 2 years ago)

Added

2024-04-22 (about 2 years ago)

Last Updated

2024-04-22 (about 2 years ago)

Other

Published

Title

Published

2024-01-30

Title

Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending

Published

2026-01-06

Title

aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification

Published

2026-01-12

Title

WP Duplicate Page < 1.8.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication

Published

2025-12-16

Title

Converter for Media < 6.4.0 - Subscriber+ Optimized Image Deletion via regenerate-attachment REST Endpoint

Published

2024-02-19

Title

Contact Form builder with drag & drop for WordPress – Kali Forms < 2.3.42 - Missing Authorization to Arbitrary Plugin Deactivation