CVE-2024-5551

Name of the Vulnerable Software and Affected Versions WP STAGING Pro WordPress Backup Plugin versions up to, and including, 5.6.0

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the sub parameter. This allows unauthenticated attackers to include local files that end in '-settings.php' via a forged request, provided they can trick a site administrator into performing a specific action.

Recommendations For versions up to, and including, 5.6.0, update to a version that includes the fix for the nonce validation issue to prevent Cross-Site Request Forgery attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.