CVE-2024-0842

CVSS: 7.5 HIGH

📋 TL;DR

The Backuply WordPress plugin, in versions up to and including 1.2.5, is vulnerable to denial of service. The file restore_ins.php can be requested directly without authentication, and repeated requests to it exhaust server resources (CPU and memory) until the site stops responding. Every WordPress site with a vulnerable Backuply version installed is affected; the fix shipped in 1.2.6.

💻 Affected Systems

Products:
  • Backuply – Backup, Restore, Migrate and Clone WordPress plugin
Versions: All versions up to and including 1.2.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the Backuply plugin installed. Deactivating the plugin does not remove the exposure: restore_ins.php stays on disk and remains directly reachable over HTTP until the plugin is updated or deleted, or the file is blocked at the web server.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete website unavailability due to server resource exhaustion; on shared hosting, other sites on the same host can be taken down with it.

🟠 Likely Case: Website performance degradation or temporary unavailability for as long as the request flood lasts.

🟢 If Mitigated: Minimal impact with rate limiting and resource monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A flood of plain HTTP requests to the endpoint is enough to trigger the DoS condition; no authentication, crafted payload, or prior knowledge of the target site is needed, since the path is the same on every install.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.6

Vendor Fix (changeset to restore_ins.php): https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Backuply plugin.
4. Click 'Update Now' if it is offered.
5. Alternatively, download version 1.2.6 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Block direct access to restore_ins.php

Platform: linux (Apache)

Add an .htaccess rule that denies direct requests to the vulnerable file. `Order`/`Deny` is the Apache 2.2 syntax and only works on Apache 2.4 when mod_access_compat is loaded; the `<IfModule>` guards below select the right form for either version. Blocking the file may also interfere with Backuply's own restore flow, so remove the rule once 1.2.6 is installed.

# Add to .htaccess in the WordPress root directory
<Files "restore_ins.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>

Web Application Firewall rule

Platform: all

Deny (or tightly rate-limit) requests whose path is /wp-content/plugins/backuply/restore_ins.php at the WAF or CDN. Match on the path alone so that an appended query string does not bypass the rule.

🧯 If You Can't Patch

  • Remove the Backuply plugin until patching is possible. Deactivating it alone leaves restore_ins.php on disk and directly reachable over HTTP, so if you can only deactivate, also block the file as described above.
  • Rate-limit requests to the endpoint at the web server or CDN level so that a single source cannot flood it.

🔍 How to Verify

Check if Vulnerable:

Send an unauthenticated GET request for /wp-content/plugins/backuply/restore_ins.php with curl or a browser. If the script answers (rather than a 403/404 from a blocking rule) and the installed Backuply version is 1.2.5 or lower, the site is vulnerable.

Check Version:

# run from the WordPress root directory
grep -m1 "Version:" wp-content/plugins/backuply/backuply.php

Verify Fix Applied:

Verify Backuply plugin version is 1.2.6 or higher in WordPress admin
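The version check above yields a string such as "1.2.5"; comparing it to "1.2.6" as text is a classic pitfall (as strings, "1.2.10" sorts before "1.2.6"). The following is an added example, not part of the advisory or of the Backuply plugin itself: it reads the plugin's "Version:" header and compares it numerically against the fixed release. The sample header text and the plugin directory path are constructed/assumed.

```python
"""Added example, not part of the advisory or of the Backuply plugin: read the
plugin's "Version:" header and compare it numerically against the fixed release.
The sample header and the plugin directory path are assumptions/constructed input."""
import re
from pathlib import Path
from typing import Optional, Tuple

FIXED_VERSION = "1.2.6"  # first release carrying the restore_ins.php fix (per the advisory)

# Constructed sample of the header block that starts a WordPress plugin's main file.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Backuply - Backup, Restore, Migrate and Clone
 * Version: 1.2.5
 */
"""

VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.MULTILINE)


def parse_version(header_text: str) -> Optional[str]:
    """Return the first 'Version:' header value, or None if absent."""
    m = VERSION_RE.search(header_text)
    return m.group(1) if m else None


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric sort key: '1.2.10' must rank above '1.2.6', which a plain
    string comparison gets wrong ('1.2.10' < '1.2.6' as strings)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version predates the fixed release."""
    return version_key(installed) < version_key(fixed)


def check_plugin_dir(plugin_dir: str) -> Tuple[Optional[str], bool]:
    """Inspect <plugin_dir>/backuply.php (normally wp-content/plugins/backuply).
    A missing file or unreadable header is reported as vulnerable, not as a pass."""
    main_file = Path(plugin_dir) / "backuply.php"
    if not main_file.is_file():
        return None, True
    version = parse_version(main_file.read_text(encoding="utf-8", errors="replace"))
    return version, (True if version is None else is_vulnerable(version))


if __name__ == "__main__":
    v = parse_version(SAMPLE_HEADER)
    state = "VULNERABLE (upgrade to 1.2.6+)" if v and is_vulnerable(v) else "patched"
    print(f"Backuply {v}: {state}")
```

Point `check_plugin_dir` at the real plugin directory to check an install; an unknown version is deliberately treated as vulnerable so a parsing failure cannot produce a false "patched" result.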

📡 Detection & Monitoring

Log Indicators:

  • High frequency of requests to /wp-content/plugins/backuply/restore_ins.php
  • Server error logs showing resource exhaustion (memory, CPU)

Network Indicators:

  • Unusual traffic patterns to the restore_ins.php endpoint
  • Multiple requests from single IPs in short timeframes

SIEM Query (Splunk-style SPL; adjust source and field names to your log schema):

source="web_access_logs" AND uri_path="/wp-content/plugins/backuply/restore_ins.php" | stats count by src_ip | where count > 100
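The same per-source counting logic as the SIEM query, run offline over raw access log lines, as an added example that is not the advisory's own tooling. It parses Apache/nginx combined-format lines, counts requests per client IP to the restore_ins.php path, and flags sources above the threshold. The log lines, IP addresses, timestamps and the 100-request threshold are constructed/assumed; note that raw logs keep the query string, which the code strips before matching (a SIEM's uri_path field usually does this already).

```python
"""Added example, not the advisory's own tooling: the SIEM query above, run
offline over constructed Apache/nginx combined-format access log lines. It
counts requests per source IP to the Backuply restore_ins.php path and flags
sources above a threshold. IPs, timestamps and the threshold are constructed/assumed."""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional

TARGET_PATH = "/wp-content/plugins/backuply/restore_ins.php"
THRESHOLD = 100  # same cut-off as the SIEM query; tune to your normal traffic

# combined log format: ip ident user [time] "METHOD path HTTP/x.y" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Drop the query string so /restore_ins.php?x=1 still counts as the target
    # (a SIEM's uri_path field usually does this for you; raw logs do not).
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def count_target_hits(lines: Iterable[str], target: str = TARGET_PATH) -> Counter:
    """Requests per source IP whose path is exactly the vulnerable endpoint."""
    hits: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["path"] == target:
            hits[rec["ip"]] += 1
    return hits


def flag_sources(lines: Iterable[str], threshold: int = THRESHOLD,
                 target: str = TARGET_PATH) -> Dict[str, int]:
    """Equivalent of `stats count by src_ip | where count > threshold`."""
    return {ip: n for ip, n in count_target_hits(lines, target).items() if n > threshold}


def make_sample_log() -> List[str]:
    """Constructed sample: one client hammering the endpoint, a client making a
    few legitimate requests, unrelated login traffic, and a line that does not parse."""
    fmt = ('{ip} - - [01/Feb/2024:10:00:{sec:02d} +0000] '
           '"GET {path} HTTP/1.1" 200 512 "-" "curl/8.4.0"')
    lines = [fmt.format(ip="203.0.113.7", sec=i % 60, path=f"{TARGET_PATH}?r={i}")
             for i in range(150)]
    lines += [fmt.format(ip="198.51.100.2", sec=i, path=TARGET_PATH) for i in range(3)]
    lines += [fmt.format(ip="198.51.100.9", sec=i % 60, path="/wp-login.php") for i in range(200)]
    lines.append("this line is not in combined format")
    return lines


if __name__ == "__main__":
    for ip, n in sorted(flag_sources(make_sample_log()).items(), key=lambda kv: -kv[1]):
        print(f"ALERT {ip}: {n} requests to {TARGET_PATH}")
```

Feed `flag_sources` the lines of a real access log (for example `open(path)`) to reproduce the query without a SIEM; lower the threshold for sites where the restore endpoint is never legitimately requested.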
