CVE-2024-52390 – WordPress CYAN Backup plugin <= 2.5.3 - Arbitrary File Download vulnerability

https://notcve.org/view.php?id=CVE-2024-52390

11 Nov 2024 — : Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal.This issue affects CYAN Backup: from n/a through 2.5.3. The CYAN Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. • https://patchstack.com/database/vulnerability/cyan-backup/wordpress-cyan-backup-plugin-2-5-3-arbitrary-file-download-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •