PT-2024-10038 · WordPress · Super Backup & Clone - Migrate

Tonn · Published 2024-09-27 · Updated 2024-12-24 · CVE-2024-9290

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Super Backup & Clone - Migrate plugin for WordPress versions prior to 2.3.4
Description: The issue is related to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function. This allows unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
Recommendations: For versions prior to 2.3.4, update to version 2.3.4 to fix this issue. As a temporary workaround, consider disabling the ibk_restore_migrate_check() function until a patch is available. Restrict access to the plugin's file upload functionality to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2025-00174
CVE-2024-9290

Affected Products

Super Backup & Clone - Migrate