Vulnerability Details : CVE-2021-24155
Public exploit exists!
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
Products affected by CVE-2021-24155
- cpe:2.3:a:backup-guard:backup_guard:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-24155
96.49%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2021-24155
-
Wordpress Plugin Backup Guard - Authenticated Remote Code Execution
Disclosure Date: 2021-05-04First seen: 2021-07-20exploit/multi/http/wp_plugin_backup_guard_rceThis module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard < 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP
CVSS scores for CVE-2021-24155
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2021-24155
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by:
- contact@wpscan.com (Primary)
- nvd@nist.gov (Secondary)
References for CVE-2021-24155
-
https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb
Attention Required! | CloudflareExploit;Third Party Advisory
-
http://packetstormsecurity.com/files/163623/WordPress-Backup-Guard-Authenticated-Remote-Code-Execution.html
WordPress Backup Guard Authenticated Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/163382/WordPress-Backup-Guard-1.5.8-Shell-Upload.html
WordPress Backup Guard 1.5.8 Shell Upload ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to