** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43269. Reason: This candidate is a reservation duplicate of CVE-2024-43269. Notes: All CVE users should reference CVE-2024-43269 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
References

No reference.

History

Fri, 17 Jan 2025 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Fri, 17 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Title Backup and Restore Wordpress <= 1.50 - Cross-Site Request Forgery to Backup Trigger
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 17 Jan 2025 17:00:00 +0000

Type Values Removed Values Added
Description The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This makes it possible for unauthenticated attackers to trigger backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43269. Reason: This candidate is a reservation duplicate of CVE-2024-43269. Notes: All CVE users should reference CVE-2024-43269 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Tue, 07 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 07 Jan 2025 04:30:00 +0000

Type Values Removed Values Added
Description The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This makes it possible for unauthenticated attackers to trigger backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Title Backup and Restore Wordpress <= 1.50 - Cross-Site Request Forgery to Backup Trigger
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


cve-icon MITRE

Status: REJECTED

Assigner: Wordfence

Published: 2025-01-07T04:22:21.646Z

Updated: 2025-01-17T16:51:27.104Z

Reserved: 2024-12-04T17:45:38.437Z

Link: CVE-2024-12208

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-01-07T05:15:16.270

Modified: 2025-01-17T17:15:10.740

Link: CVE-2024-12208

cve-icon Redhat

No data.