PT-2023-11835 · WordPress · Jetbackup

Chloe Chamberland · Published 2023-03-07 · Updated 2023-03-17 · CVE-2020-36668

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions
JetBackup – WP Backup, Migrate & Restore plugin for WordPress, versions up to and including 1.4.0

Description
The plugin discloses sensitive information because the backup guard get manual modal function, which is called via an AJAX action, lacks a proper capability check. Attackers with subscriber-level access or higher can invoke the function and obtain database table information.

Recommendations
For versions up to and including 1.4.0, consider disabling the backup guard get manual modal function until a patch is available. Restrict access to the AJAX action that calls this function to minimize the risk of sensitive information disclosure.
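
One way to restrict the AJAX action as recommended above, written as a WordPress must-use plugin. This is an added example, not code from JetBackup or from this advisory. The action name is a placeholder because this page does not give it, and requiring manage_options is an assumption about who should see backup details.

```php
<?php
/**
 * Plugin Name: Example AJAX capability gate (added example, not JetBackup code)
 *
 * Temporary mitigation: place this file in wp-content/mu-plugins/ so it loads
 * before regular plugins and cannot be deactivated from the admin UI.
 */

// Placeholder: this page does not give the AJAX action name. Replace it with
// the action the plugin registers for its manual backup modal.
const EXAMPLE_GATED_AJAX_ACTIONS = array( 'REPLACE_WITH_AJAX_ACTION_NAME' );

// Assumption: only administrators should be able to read backup and
// database table details.
const EXAMPLE_REQUIRED_CAPABILITY = 'manage_options';

/**
 * Reject the request unless the logged-in user holds the required capability.
 * wp_send_json_error() terminates the request, so the plugin's own handler,
 * hooked later on the same action, never runs for a denied user.
 */
function example_gate_ajax_action() {
	if ( current_user_can( EXAMPLE_REQUIRED_CAPABILITY ) ) {
		return; // Authorised: fall through to the plugin's handler.
	}

	// Record the denied call so probing by low-privilege accounts is visible.
	error_log( sprintf(
		'Denied AJAX hook "%s" for user ID %d (missing capability "%s")',
		current_action(),
		get_current_user_id(),
		EXAMPLE_REQUIRED_CAPABILITY
	) );

	wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

foreach ( EXAMPLE_GATED_AJAX_ACTIONS as $example_action ) {
	// wp_ajax_{action} fires for logged-in users, which covers the
	// subscriber-level case described above. Priority 0 runs before a
	// handler registered at the default priority of 10 (assumed here).
	add_action( 'wp_ajax_' . $example_action, 'example_gate_ajax_action', 0 );
}
```

Remove the file once the plugin is updated past 1.4.0 and the handler performs its own capability check.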

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2020-36668

Affected Products

Jetbackup