CVE-2024-8669
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2024-8669 identifies a critical SQL Injection vulnerability in the Backuply – Backup, Restore, Migrate and Clone plugin for WordPress, affecting all versions up to and including 1.3.4. This flaw arises from inadequate escaping of the 'options' parameter in the backuply_wp_clone_sql() function, allowing authenticated users with administrator-level access to manipulate SQL queries and potentially extract sensitive database information. The CVSS base score for this vulnerability is 9.1, indicating a high level of risk with significant impacts on confidentiality and integrity. To remediate this issue, it is recommended that organizations update the plugin to a patched version as soon as possible. If exploited, this vulnerability poses a severe threat to data security within affected WordPress installations.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.