CVE-2024-9290

CRITICAL

Super Backup & Clone - Migrate <= 2.3.3 - RCE

Title source: llm

Description

The Super Backup & Clone - Migrate for WordPress plugin is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.

Exploits (2)

nomisec WORKING POC 1 star
by Jenderal92 · poc
https://github.com/Jenderal92/CVE-2024-9290

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-9290

Scores

CVSS v3 9.8
EPSS 0.6230
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-434
Status draft

Timeline

Published Dec 13, 2024
Tracked Since Feb 18, 2026