CVE-2021-24155

CVE-2021-24155: Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload

Vendor Unknown
Product WordPress Backup and Migrate Plugin – Backup Guard
Weakness CWE-434 · Unrestricted file upload
Published April 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

Key dates

02Disclosure timeline

April 5, 2021 CVE published
August 3, 2024 Record updated