CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0842 – Backuply - Backup, Restore, Migrate and Clone <= 1.2.6 - Denial of Service
https://notcve.org/view.php?id=CVE-2024-0842
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources. El complemento Backuply – Backup, Restore, Migrate and Clone para WordPress es vulnerable a la denegación de servicio en todas las versiones hasta la 1.2.5 incluida. Esto se debe al acceso directo al archivo backuply/restore_ins.php. • https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve • CWE-400: Uncontrolled Resource Consumption CWE-834: Excessive Iteration •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0697 – Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 - Authenticated (Administrator+) Directory Traversal
https://notcve.org/view.php?id=CVE-2024-0697
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information. El complemento Backuply – Backup, Restore, Migrate and Clone para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 1.2.3 inclusive a través del parámetro node_id en la función backuply_get_jstree. Esto hace posible que atacantes con privilegios de administrador o superiores lean el contenido de archivos arbitrarios en el servidor, que pueden contener información confidencial. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •