CVE-2024-0697

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.

More information : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail=

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : HIGH
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : NONE
Base score : 4.9
Base severity : MEDIUM
Exploitability score : 1.2
Impact score : 3.6