PT-2024-15758 · WordPress · Backuply

Bence Szalai · Published 2024-01-26 · Updated 2024-02-01 · CVE-2024-0697

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions up to, and including, 1.2.3

Description: The issue allows attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information, via the node_id parameter in the backuply_get_jstree function. This is a Directory Traversal vulnerability.

Recommendations: For versions up to, and including, 1.2.3, consider disabling the backuply_get_jstree function until a patch is available to prevent exploitation. Restrict access to the node_id parameter to minimize the risk of arbitrary file reading.

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2024-0697

Affected Products: Backuply