CVE-2024-9290: Super Backup & Clone - Migrate for WordPress <= 2.3.3 - Unauthenticated Arbitrary File Upload

9.8 CVSS

Description

The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Classification

CVE ID: CVE-2024-9290

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: azzaroco

Product: Super Backup & Clone - Migrate for WordPress

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 40.72% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/7c31d9b3-38b1-49a1-b361-ffe97e02bff0?source=cve
https://codecanyon.net/item/super-backup-clone-migrate-for-wordpress/12943030

Timeline

2024-12-14 00:30:35 UTC
CVE

Super Backup & Clone - Migrate for WordPress <= 2.3.3 - Unauthenticated Arbitrary File Upload
2024-12-24 19:30:26 UTC
DarkWebInformer

CVE-2024-9290 Exploit Tool | Super Backup & Clone Vulnerability