Lucene search

WordfenceVULNRICHMENT:CVE-2024-0842

HistoryFeb 09, 2024 - 4:31 a.m.

CVE-2024-0842

2024-02-0904:31:54

Wordfence

github.com

backuply

wordpress

denial of service

vulnerable

unauthenticated

direct access

excessive requests

resource exhaustion

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:softaculous:backuply:*:*:*:*:*:wordpress:*:*"
    ],
    "vendor": "softaculous",
    "product": "backuply",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "1.2.5"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php

www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-0842