CVE-2021-24155

Name of the Vulnerable Software and Affected Versions: WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin versions prior to 1.6.0

Description: The issue allows high privilege users (admin+) to upload arbitrary files, including PHP ones, due to the plugin not ensuring that imported files are of the SGBP format and extension. This can lead to remote code execution (RCE).

Recommendations: For WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting the upload functionality to prevent high privilege users from uploading arbitrary files until a patch is applied.