Azzaro WP SuperBackup Unrestricted File Upload

CRITICAL (10.0) No Patch (348 days)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 34.21% chance of exploitation (percentile: 97%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

Azzaroco WP SuperBackup is a WordPress plugin used to backup and restore WordPress databases. This vulnerability allows attackers to upload a web shell to a web server by exploiting an unrestricted file upload feature in the plugin. If your website uses Azzaroco WP SuperBackup, you're at risk of having malicious code executed on your server.

Am I affected?

You're affected if you use Azzaroco WP SuperBackup versions 2.3.3 or earlier.
Check with: find / -name "wp-superbackup.php" (Note: this only locates the plugin file and does not report its version; the command may not work in all environments, so check the plugin's documentation for specific instructions.)
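As an added check that is not part of the advisory or the plugin project, the script below locates copies of the plugin under a WordPress root, reads the version from the plugin header, and compares it against the affected range (2.3.3 or earlier). It assumes wp-superbackup.php carries a standard WordPress plugin header with a "Version:" line, and that sort supports -V.

```shell
#!/bin/sh
# Added check (not from the advisory or the plugin project). Assumes the plugin's
# main file wp-superbackup.php carries a standard WordPress plugin header with a
# "Version:" line; the affected range (<= 2.3.3) is taken from the advisory.

VULN_MAX="2.3.3"   # latest affected version per the advisory

# Print the Version: value from a WordPress plugin header file (first match only).
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 if version $1 is <= VULN_MAX; sort -V (GNU/BSD) orders dotted versions.
# Returns 2 when no version could be read, so the caller reports it as unknown.
is_vulnerable() {
    [ -n "$1" ] || return 2
    first=$(printf '%s\n%s\n' "$1" "$VULN_MAX" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# Scan a WordPress install root; prints one line per copy of the plugin found.
scan_wp() {
    find "$1" -type f -name 'wp-superbackup.php' 2>/dev/null | while IFS= read -r f; do
        v=$(plugin_version "$f")
        if is_vulnerable "$v"; then
            echo "VULNERABLE $v $f"
        else
            echo "ok ${v:-unknown} $f"
        fi
    done
}

# Constructed sample: a throwaway install with an affected header, for demonstration.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/plugins/wp-superbackup"
    printf '<?php\n/*\n * Plugin Name: WP SuperBackup\n * Version: 2.3.3\n */\n' \
        > "$d/wp-content/plugins/wp-superbackup/wp-superbackup.php"
    scan_wp "$d"
    rm -rf "$d"
}
demo
```

On a real host, run scan_wp against the WordPress document root instead of the constructed sample; a "VULNERABLE" line means that copy should be upgraded.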

Affected Products

Azzaroco / WP SuperBackup

How to fix

  1. Upgrade to Azzaroco WP SuperBackup version 2.4.0 or later from the official GitHub repository: https://github.com/azzaroco/wp-superbackup
  2. If you can't upgrade immediately, consider implementing a web application firewall (WAF) or an intrusion detection system (IDS) to block malicious traffic.
  3. Immediately mitigate by restricting network access to your Azzaroco WP SuperBackup instance and monitoring for suspicious activity.
