CVSS 3.1 Score 4.9 of 10 (medium)


Published Mar 16, 2024
Updated: Mar 17, 2024


CVE-2024-2294 is a vulnerability in the Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions up to and including 1.2.7. This vulnerability allows attackers with an account possessing only the activate_plugins capability to exploit a Directory Traversal flaw via the backup_name parameter in the backuply_download_backup function. As a result, they can gain unauthorized access to arbitrary files on Windows servers hosting affected sites, potentially compromising sensitive information. The risk score is 25, with a base severity of MEDIUM and a base score of 4.9 according to the CVSS:3.1 vector string provided by No changes have been made to the scope of impact or exploitability score since its discovery.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-2294 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options