CVE-2024-56064

Name of the Vulnerable Software and Affected Versions WP SuperBackup versions 2.3.3 and earlier

Description The issue affects the WP SuperBackup plugin for WordPress, allowing unrestricted upload of files with dangerous types. This enables attackers to upload a web shell to a web server. The vulnerability is due to missing file type validation in all versions up to and including 2.3.3.

Recommendations For WP SuperBackup versions 2.3.3 and earlier, update to version 2.3.4 to patch this issue. As a temporary workaround, consider restricting access to the file upload functionality until the update is applied.