CVE-2024-56067

HIGH

Azzaroco WP SuperBackup <2.3.3 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-56067. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary This PoC demonstrates an unauthorized access vulnerability in the WP SuperBackup plugin, allowing unauthenticated attackers to download backup files by accessing specific paths. The exploit leverages missing capability checks to retrieve sensitive backup data.

Description

Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-56067

This PoC demonstrates an unauthorized access vulnerability in the WP SuperBackup plugin, allowing unauthenticated attackers to download backup files by accessing specific paths. The exploit leverages missing capability checks to retrieve sensitive backup data.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WP SuperBackup <= 2.3.3
No auth needed
Prerequisites: Target must have the WP SuperBackup plugin installed and configured · Backup files must exist in the specified paths
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.1003
EPSS Percentile 95.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
Azzaroco/WP SuperBackup < 2.3.3
azzaroco/WP SuperBackup < 2.3.3
Published Dec 31, 2024
Tracked Since Feb 18, 2026