CVE-2024-8669

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Sep 14, 2024
CWE ID 89

Summary

CVE-2024-8669 identifies a critical SQL Injection vulnerability in the Backuply – Backup, Restore, Migrate and Clone plugin for WordPress, affecting all versions up to and including 1.3.4. This flaw arises from inadequate escaping of the 'options' parameter in the backuply_wp_clone_sql() function, allowing authenticated users with administrator-level access to manipulate SQL queries and potentially extract sensitive database information. The CVSS base score for this vulnerability is 9.1, indicating a high level of risk with significant impacts on confidentiality and integrity. To remediate this issue, it is recommended that organizations update the plugin to a patched version as soon as possible. If exploited, this vulnerability poses a severe threat to data security within affected WordPress installations.
