CVE-2024-3034 – The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all …

27 April 2024

Vuln ID: CVE-2024-3034

Published: 2024-04-27 05:15:48.623

Description: The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the context in which the plugin should allow.

Base Score: 2.7 – LOW

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Source: NVD.NIST.GOV

Date:

27 April 2024

Categorie(s):

NVD

Tag(s):

NVD

Why SMBs are facing significant security, business risks9 May 2024
Analyzing trends in cybersecurity: Funding, market consolidation and the role of AI9 May 2024
NATO and quantum computing are part of the cybersecurity agenda for IBM Consulting9 May 2024
RSAC: Three Strategies to Boost Open-Source Security9 May 2024
Nozomi Networks expands partnership with Mandiant to strengthen industrial and enterprise security9 May 2024