CVE-2024-0842

Backuply - Backup, Restore, Migrate and Clone <= 1.2.6 - Denial of Service

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.

El complemento Backuply – Backup, Restore, Migrate and Clone para WordPress es vulnerable a la denegación de servicio en todas las versiones hasta la 1.2.5 incluida. Esto se debe al acceso directo al archivo backuply/restore_ins.php. Esto hace posible que atacantes no autenticados realicen solicitudes excesivas que provocan que el servidor se quede sin recursos.

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.6. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.

*Credits: Villu Orav

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-01-23 CVE Reserved
2024-02-08 CVE Published
2024-02-16 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption
CWE-834: Excessive Iteration

CAPEC

References (2)

URL	Tag	Source
https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php	2024-02-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Softaculous Search vendor "Softaculous"		Backuply Search vendor "Softaculous" for product "Backuply"				< 1.2.6 Search vendor "Softaculous" for product "Backuply" and version " < 1.2.6"		wordpress		Affected