CVE-2020-36667
MEDIUMJetBackup - WP Backup <1.4.1 - Privilege Escalation
Title source: llmDescription
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.
References (3)
Core 3
Core References
Scores
CVSS v3
5.4
EPSS
0.0048
EPSS Percentile
38.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (2)
backupguard/JetBackup – Backup, Restore & Migrate
< 1.4.0
jetbackup/jetbackup
< 1.4.1
Published
Mar 07, 2023
Tracked Since
Feb 18, 2026