CVE-2024-56064 — Vulnetix

CVE-2024-56064 PUBLISHED CVSS 10 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3.

EPSS 58.46% · 98.2th percentile

Risk Scores

CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

58.46%

98.2th percentile

Affected Products

Vendor	Product	Versions
azzaroco	WP SuperBackup	0
Azzaroco	WP SuperBackup	n/a

Exploit Intelligence

WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload (github-poc)
WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload (github-poc)
WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload (github-poc)
WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload (github-poc)
WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload (github-poc)
https://patchstack.com/database/Wordpress/Plugin/indeed-wp-superbackup/vulnerability/wordpress-wp-superbackup-plugin-2-3-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve (circl)
CIRCL seen: CVE-2024-56064 (circl-sighting)
CIRCL seen: CVE-2024-56064 (circl-sighting)
CIRCL seen: CVE-2024-56064 (circl-sighting)
CIRCL seen: CVE-2024-56064 (circl-sighting)

…and 9 more exploits

Timeline

Jan 21, 1970 VulnCheck XDB Entry
Dec 31, 2024 CVE Published
Dec 31, 2024 PoC Published
Jan 1, 2025 EPSS Score
Jan 1, 2025 PoC Published
Jan 14, 2025 PoC Published
Jan 15, 2025 PoC Published
Mar 17, 2025 EPSS Score
Mar 18, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Mar 22, 2025 EPSS Score

References

Open in Interactive Console →