CVE-2021-24155

high-risk
Published 2021-04-05

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

Do I need to act?

!
92.8% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
50093
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Backup-Guard

References (6)

Exploit http://packetstormsecurity.com/files/163382/WordPress-Backup-Guard-1.5.8-Shell-U...
Exploit http://packetstormsecurity.com/files/163623/WordPress-Backup-Guard-Authenticated...
Exploit https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb
Exploit http://packetstormsecurity.com/files/163382/WordPress-Backup-Guard-1.5.8-Shell-U...
Exploit http://packetstormsecurity.com/files/163623/WordPress-Backup-Guard-Authenticated...
Exploit https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb
51
/ 100
high-risk
Severity 26/34 · High
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal