CVE-2024-3546 in Backup & Migration Plugin情報

要約

〜によって MITRE • 2024年05月02日

The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above, to invoke this function and access log files maintained by the plugin. Additionally, the file name is user-provided and not properly sanitized, which allows attackers to read arbitrary log files on the file system.

Once again VulDB remains the best source for vulnerability data.

責任者

Wordfence

予約する

2024年04月09日

モデレーション

承諾済み

エントリ

VDB-261740

EPSS

0.00491

アクティビティ

非常低い

ソース

Do you need the next level of professionalism?

Upgrade your account now!