WNE Security News


CVE-2024-0824 Exclusive Addons for Elementor plugin for WordPress Vulnerability


WNE Security Publisher

1/26/2024


CVE-2024-0697 is a security vulnerability identified in the Backuply – Backup, Restore, Migrate and Clone plugin for WordPress. This vulnerability is classified as Directory Traversal and impacts all versions of the plugin up to, and including, 1.2.3. The issue exists in the backuply_get_jstree function, specifically via the node_id parameter, which is not properly handled.

The vulnerability allows attackers with administrator privileges or higher to exploit the Directory Traversal flaw, enabling them to read the contents of arbitrary files on the server. These files could potentially contain sensitive information, posing a significant risk to the security and privacy of the data stored on the server.
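The class of fix for a traversal through a tree-node parameter is to canonicalize the requested path and confirm it still sits under the intended base directory. The following is an added illustration, not Backuply's code or its patch; `resolve_tree_node()`, the directory layout, and the assumption that a node id maps to a path under a base directory are all hypothetical.

```php
<?php
// Added illustration, not the plugin's code. resolve_tree_node() and the
// sample layout below are hypothetical and constructed for this example.

/**
 * Resolve a client-supplied tree node id to a path inside $baseDir.
 * Returns the canonical path, or null when the id escapes the base.
 */
function resolve_tree_node(string $baseDir, string $nodeId): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($nodeId, "\0") !== false) {
        return null; // missing base directory or embedded NUL byte
    }
    // realpath() collapses "..", "." and symlinks, and returns false
    // when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $nodeId);
    if ($target === false) {
        return null;
    }
    // Compare against the base plus a trailing separator, so that a
    // sibling such as ".../backups-old" is not accepted as being inside
    // ".../backups" by a plain string-prefix match.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $base && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . '/tree_demo_' . bin2hex(random_bytes(4));
mkdir("$root/backups/site", 0700, true);
mkdir("$root/backups-old", 0700, true);
file_put_contents("$root/secret.txt", "outside the base\n");
file_put_contents("$root/backups/site/db.sql", "-- dump\n");

// The first two ids stay inside the base; the rest must be rejected.
$cases = ['site', 'site/db.sql', '../secret.txt',
          'site/../../secret.txt', '../backups-old', '/etc'];
foreach ($cases as $id) {
    $resolved = resolve_tree_node("$root/backups", $id);
    printf("%-24s => %s\n", $id, $resolved === null ? 'REJECTED' : 'ok');
}
```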

CVE-2024-0697 has a Common Vulnerability Scoring System (CVSS) base score of 6.5, which indicates a medium level of severity. The CVSS v3 vector for this vulnerability is CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N. This vector describes a network attack vector, low attack complexity, high privileges required, no user interaction, and high impact on both confidentiality and integrity, with no impact on availability.

Impact of CVE-2024-0697: The primary impact of this vulnerability is that it allows attackers with administrator privileges or higher to read the contents of arbitrary files on the server. This capability poses a significant security risk as it can lead to unauthorized access to sensitive information stored on the server.

Mitigation and Remediation: To mitigate and remediate CVE-2024-0697, administrators using the affected plugin should update it to a version that addresses this security issue. If an updated version is not yet available, disabling or removing the plugin is advised to prevent potential exploitation. Regularly monitoring security advisories and promptly applying security patches are crucial for maintaining the security and integrity of WordPress websites.

Affected Systems: The vulnerability specifically affects the Backuply – Backup, Restore, Migrate and Clone plugin for WordPress. Websites using versions of this plugin up to and including 1.2.3 are at risk and should take immediate action to address the vulnerability.
