CVE-2021-24155 Scanner
Detects 'Unrestricted File Upload' vulnerability in Backup Guard plugin for WordPress affects v. before 1.6.0.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
4 week
Scan only one
Domain, Ipv4
Toolbox
-
The Backup Guard plugin for WordPress is a widely-used plugin that enables users to backup and migrate their website data. Installed on over 80,000 websites, this plugin is helpful for protecting data in the event of hacks or loss. It offers users the ability to backup their data and migrate it to different web hosts with ease. The importance of data backup cannot be overstated, making this plugin a valuable asset for WordPress users.
Recently, CVE-2021-24155 vulnerability was discovered in the Backup Guard WordPress plugin, in versions 1.6.0 and prior. This vulnerability is of high concern for WordPress users since it allows high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. Essentially, this means that malicious actors can upload and execute arbitrary code on vulnerable websites by exploiting the vulnerability, potentially leading to a loss of sensitive data or even a full site takeover.
When exploited, this vulnerability can be devastating for website owners. Malicious actors can leverage this security flaw to compromise a website's integrity, steal user data, or manipulate the site's content. Given the significant risks involved, it is imperative that users take immediate action to secure their websites.
The Backup Guard WordPress plugin has enabled website owners to backup and migrate their data with ease. However, the discovery of the CVE-2021-24155 vulnerability serves as a reminder that even the most trusted plugins can be targeted by malicious actors. At s4e.io, we offer pro features like vulnerability scanning to help website owners stay abreast of security risks and protect their digital assets from harm. With our advanced tools, you can readily detect, assess, and patch potential vulnerabilities, keeping your websites and data safe from the latest threats. Contact us today to learn more about how we can help secure your digital assets.
REFERENCES