CVE-2021-24155

The WordPress Backup and Migrate Plugin  Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
backup-guardbackup_guard
𝑥
< 1.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/163382/WordPress-Backup-Guard-1.5.8-Shell-Upload.html
http://packetstormsecurity.com/files/163623/WordPress-Backup-Guard-Authenticated-Remote-Code-Execution.html
https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb
http://packetstormsecurity.com/files/163382/WordPress-Backup-Guard-1.5.8-Shell-Upload.html
http://packetstormsecurity.com/files/163623/WordPress-Backup-Guard-Authenticated-Remote-Code-Execution.html
https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb