First published: Tue Mar 07 2023(Updated: )
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jetbackup Jetbackup | <=1.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2020-36667.
The title of this vulnerability is 'The JetBackup – WP Backup Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes'.
The severity of CVE-2020-36667 is medium (5.4).
Versions up to, and including 1.4.1 of the JetBackup – WP Backup Migrate & Restore plugin for WordPress are affected by CVE-2020-36667.
The CWE number for CVE-2020-36667 is 862.