CVE-2024-12209 WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion

🗓️ 08 Dec 2024 05:25:16Reported by WordfenceType

Vulnerability in WP Umbrella plugin allows unauthenticated local file inclusion and code execution.

Reporter	Title	Published	Views	Family All 16
GithubExploit	Exploit for CVE-2024-12209	9 Dec 202411:51	–	githubexploit
BDU FSTEC	Vulnerability of the WP Umbrella plugin: Updates, backup restoration, and monitoring of the WordPress content management system, allowing attackers to gain unauthorized access to confidential information or execute arbitrary code.	11 Dec 202400:00	–	bdu_fstec
Circl	CVE-2024-12209	8 Dec 202405:33	–	circl
CNNVD	WordPress plugin WP Umbrella: Update Backup Restore & Monitoring 安全漏洞	8 Dec 202400:00	–	cnnvd
CNVD	WordPress Plugin WP Umbrella: Update Backup Restore & Monitoring Local File Containment Vulnerability	11 Dec 202400:00	–	cnvd
CVE	CVE-2024-12209	8 Dec 202405:25	–	cve
Nuclei	WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion	18 Jun 202612:11	–	nuclei
NVD	CVE-2024-12209	8 Dec 202406:15	–	nvd
OpenVAS	WordPress Multiple Plugins / Themes Directory Traversal / File Download Vulnerability (HTTP)	20 Nov 202000:00	–	openvas
Patchstack	WordPress WP Umbrella: Update Backup Restore & Monitoring plugin <= 2.17.0 - Local File Inclusion vulnerability	5 Dec 202413:10	–	patchstack

[
  {
    "vendor": "wphealth",
    "product": "WP Umbrella: Update Backup Restore & Monitoring",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.17.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset
plugins	www.plugins.trac.wordpress.org/browser/wp-health/tags/v2.16.4/src/Actions/RestoreRouter.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/c74ce3e8-cab9-4cc6-a1ad-1e51f7268474

08 Apr 2026 17:21Current

CVSS 3.19.8

EPSS0.15043

CWE-98