Arbitrary file upload in Wordpress Backup And Migrate Plugin – Guard

CVE-2021-24155

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not verify that imported files were of the SGBP format and extension, allowing high-privilege users (admin+) to upload arbitrary files, including P…

Vulnerability class: Unrestricted File Upload

EPSS: 0.928 (99.8th percentile)

Affected products

  • Unknown Wordpress Backup And Migrate Plugin – Guard — versions 1.6.0

Frequently asked questions

What is CVE-2021-24155?
CVE-2021-24155 is a vulnerability in Wordpress Backup And Migrate Plugin – Guard, classified under Unrestricted Upload of File with Dangerous Type. It was published on 2021-04-05.

Is CVE-2021-24155 known to be exploited?
11 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.