PT-2024-3160 · Unknown · Backupwordpress

Dk0Pf +1 · Published 2024-03-27 · Updated 2024-04-29 · CVE-2024-3034
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: BackUpWordPress versions up to, and including, 3.13
Description: BackUpWordPress does not correctly handle relative directory paths when processing the hmbkp_directory_browse parameter, allowing remote attackers to gain unauthorized access to protected information. Authenticated attackers with administrator-level access and above can traverse directories outside of the allowed context via this parameter.
Recommendations: For versions up to, and including, 3.13, consider disabling the hmbkp_directory_browse parameter until a patch is available to prevent directory traversal attacks. Restrict access to sensitive directories and ensure that only necessary personnel have administrator-level access to minimize the risk of exploitation.
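
Added example (not BackUpWordPress code and not the vendor's fix): one way a directory-browse handler can confine a user-supplied relative path to an allowed root by canonicalising it before use. The function name resolve_browse_dir and the sample directory tree are hypothetical and constructed for the demonstration.

```php
<?php
// Added illustration; resolve_browse_dir() and the directory layout are hypothetical.

/**
 * Resolve a user-supplied directory relative to $root. Returns the canonical
 * path only if it is an existing directory inside $root, otherwise null.
 */
function resolve_browse_dir(string $root, string $requested): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // Leading separators are stripped so the request is always taken relative
    // to the root. realpath() collapses "..", "." and symlinks, and returns
    // false when the target does not exist.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . ltrim($requested, '/\\'));
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }
    // Compare with a trailing separator so a sibling such as "site-old"
    // is not accepted as being inside "site".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed sample tree: <tmp>/site/uploads plus a sibling <tmp>/site-old.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'browse_demo_' . getmypid();
mkdir($base . '/site/uploads', 0700, true);
mkdir($base . '/site-old', 0700, true);
$root = $base . '/site';

// Constructed inputs: two that stay inside the root, three that leave it.
foreach (['uploads', 'uploads/..', '../site-old', 'uploads/../../..', '../../'] as $input) {
    $resolved = resolve_browse_dir($root, $input);
    printf("%-18s => %s\n", $input, $resolved === null ? 'rejected' : 'allowed');
}

// Remove the constructed tree.
rmdir($base . '/site/uploads');
rmdir($base . '/site');
rmdir($base . '/site-old');
rmdir($base);
```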

Fix

Path traversal

Weakness Enumeration: Relative Path Traversal
Related Identifiers: BDU:2024-03373, CVE-2024-3034
Affected Products: Backupwordpress