CVE-2024-4469: Migration Backup Restore < 3.5.0 - Admin+ SSRF

Description

The WP STAGING WordPress Backup Plugin before 3.5.0 does not prevent users with the administrator role from conducting SSRF attacks, which may be a problem in multisite configurations.

Classification

CVE ID: CVE-2024-4469

Problem Types

CWE-918 Server-Side Request Forgery (SSRF)

Affected Products

Vendor: Unknown

Product: WP STAGING WordPress Backup Plugin

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.12% (probability of being exploited)

EPSS Percentile: 32.6% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-16 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: total

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-4469
https://wpscan.com/vulnerability/d6b1270b-52c0-471d-a5fb-507e21b46310/

Timeline