CVE-2024-9461

Name of the Vulnerable Software and Affected Versions Total Upkeep – WordPress Backup Plugin plus Restore & Migrate versions up to 1.16.6

Description The issue is related to the lack of input validation and sanitization, making it possible for authenticated attackers with Administrator-level access and above to execute code on the server via the cron interval parameter. This allows for remote code execution.

Recommendations For versions up to 1.16.6, update to a version higher than 1.16.6 to resolve the issue. As a temporary workaround, consider restricting access to the cron interval parameter to minimize the risk of exploitation.