WNE Security News
Read about “CVE-2024-0824 Exclusive Addons for Elementor plugin for WordPress Vulnerability” and the most important cybersecurity news to stay up to date with
CVE-2024-0824 Exclusive Addons for Elementor plugin for WordPress Vulnerability
WNE Security Publisher
1/26/2024
Learn about “CVE-2024-0824 Exclusive Addons for Elementor plugin for WordPress Vulnerability” and other vulnerabilities by subscribing to our newsletter today!
CVE-2024-0697 is a security vulnerability identified in the Backuply – Backup, Restore, Migrate and Clone plugin for WordPress. This vulnerability is classified as Directory Traversal and impacts all versions of the plugin up to, and including, 1.2.3. The issue exists in the backuply_get_jstree
function, specifically via the node_id
parameter, which is not properly handled.
The vulnerability allows attackers with administrator privileges or higher to exploit the Directory Traversal flaw, enabling them to read the contents of arbitrary files on the server. These files could potentially contain sensitive information, posing a significant risk to the security and privacy of the data stored on the server.
The Common Vulnerability Scoring System (CVSS) has assigned CVE-2024-0697 a base score of 6.5, which indicates a medium level of severity. The CVSS v3 vector for this vulnerability is CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N. This vector reflects that the vulnerability has a network attack vector, low attack complexity, high privileges required, no user interaction needed, and high impacts on both confidentiality and integrity while having no impact on availability.
Impact of CVE-2024-0697: The primary impact of this vulnerability is that it allows attackers with administrator privileges or higher to read the contents of arbitrary files on the server. This capability poses a significant security risk as it can lead to unauthorized access to sensitive information stored on the server.
Mitigation and Remediation: To mitigate and remediate CVE-2024-0697, it is essential for administrators using the affected plugin to update the plugin to a version that addresses this security issue. If an updated version is not yet available, disabling or removing the plugin is advised to prevent potential exploitation. Regularly monitoring security advisories and promptly applying security patches is crucial for maintaining the security and integrity of WordPress websites.
Affected Systems: The vulnerability specifically affects the Backuply – Backup, Restore, Migrate and Clone plugin for WordPress. Websites using versions of this plugin up to and including 1.2.3 are at risk and should take immediate action to address the vulnerability
Learn more about WNE Security products and services that can help keep you cyber safe.
Learn about “CVE-2024-0824 Exclusive Addons for Elementor plugin for WordPress Vulnerability” and other vulnerabilities by subscribing to our newsletter today!
Learn more about “CVE-2024-0824 Exclusive Addons for Elementor plugin for WordPress Vulnerability” by clicking the links below.
Stay updated with WNE Security’s news section for the latest in cybersecurity trends, threats, and protection measures.