CVE-2021-24155

nvd nist nuclei

Published: Apr 5, 2021Modified: Jun 17, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

Affected (1)

Products: Backup Guard: Backup Guard

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Backup Guard Backup Guard	Before 1.6.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://packetstormsecurity.com/files/163382/WordPress-Backup-Guard-1.5.8-Shell-Upload.html

Source: contact@wpscan.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/163623/WordPress-Backup-Guard-Authenticated-Remote-Code-Execution.html

Source: contact@wpscan.com

ExploitThird Party AdvisoryVDB Entry

https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb

Source: contact@wpscan.com

ExploitThird Party Advisory

http://packetstormsecurity.com/files/163382/WordPress-Backup-Guard-1.5.8-Shell-Upload.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/163623/WordPress-Backup-Guard-Authenticated-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.