CVE-2024-56064
📋 TL;DR
CVE-2024-56064 is an unauthenticated arbitrary file upload vulnerability in the WP SuperBackup WordPress plugin. Attackers can upload malicious files such as web shells to vulnerable servers without authenticating. This affects all WP SuperBackup installations from an unknown earliest version through 2.3.3.
💻 Affected Systems
- WP SuperBackup WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, ransomware deployment, website defacement, and use as attack platform.
Likely Case
Web shell installation enabling persistent backdoor access, data exfiltration, and further lateral movement.
If Mitigated
File upload blocked or sanitized, preventing malicious file execution.
🎯 Exploit Status
Simple HTTP POST request with malicious file payload.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.4 or later
Restart Required: No
Instructions:
1. Update the WP SuperBackup plugin to version 2.3.4 or later via the WordPress admin panel.
2. Verify that the update completed successfully.
3. Remove any suspicious files uploaded during the vulnerability window.
🔧 Temporary Workarounds
Disable WP SuperBackup plugin (all platforms)
Temporarily disable the vulnerable plugin until it is patched:
wp plugin deactivate indeed-wp-superbackup
Restrict file uploads via web server (Linux)
Block direct requests to PHP files under the plugin directory, which covers the upload endpoint. This also blocks any legitimate direct requests to the plugin's own PHP files, so test the rule before relying on it.
# Add to .htaccess for Apache (needs mod_rewrite; place before the WordPress rewrite block):
RewriteEngine On
RewriteRule ^wp-content/plugins/indeed-wp-superbackup/.*\.php$ - [F,L]
# Add to the nginx server block, before the generic "location ~ \.php$" block so it is matched first:
location ~ ^/wp-content/plugins/indeed-wp-superbackup/.*\.php$ { deny all; }
🧯 If You Can't Patch
- Disable WP SuperBackup plugin immediately
- Implement web application firewall rules blocking file uploads to plugin endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel for WP SuperBackup plugin version 2.3.3 or earlier.
Check Version:
wp plugin list --name=indeed-wp-superbackup --field=version
Verify Fix Applied:
Confirm WP SuperBackup plugin version is 2.3.4 or later in WordPress admin.
📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-content/plugins/indeed-wp-superbackup/ upload endpoints
- File creation in plugin directories with .php extensions
Network Indicators:
- Unusual outbound connections from web server post-file upload
SIEM Query:
source="web_server" AND (uri_path="/wp-content/plugins/indeed-wp-superbackup/*" AND http_method="POST")
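The log indicators above, worked through over constructed access-log lines. This is an added example and not part of the advisory; the upload endpoint path (example-upload.php) and the dropped file name (dropped.php) are placeholders, since the advisory does not name the real endpoint.

```python
import re

# Apache/nginx "combined" access-log layout. Constructed for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
PLUGIN_PREFIX = "/wp-content/plugins/indeed-wp-superbackup/"

def parse_line(line):
    """Split one access-log line into fields; None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_indicators(lines):
    """Scan log lines in order and return the advisory's two log indicators:
    'uploads'  - POST requests into the plugin directory
    'php_hits' - later 200 responses for a .php file under the plugin directory
                 to an IP that already POSTed there (how a dropped shell is used)
    """
    uploads, php_hits, posters = [], [], set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["target"].split("?", 1)[0]  # ignore the query string
        if not path.startswith(PLUGIN_PREFIX):
            continue
        if rec["method"] == "POST":
            uploads.append((rec["ip"], rec["ts"], path))
            posters.add(rec["ip"])
        elif path.endswith(".php") and rec["status"] == "200" and rec["ip"] in posters:
            php_hits.append((rec["ip"], rec["ts"], path))
    return {"uploads": uploads, "php_hits": php_hits}

# Constructed sample log; endpoint and dropped-file names are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "POST /wp-content/plugins/indeed-wp-superbackup/example-upload.php HTTP/1.1" 200 54 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2025:10:00:05 +0000] "GET /wp-content/plugins/indeed-wp-superbackup/dropped.php HTTP/1.1" 200 120 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jan/2025:10:01:00 +0000] "GET /wp-content/plugins/indeed-wp-superbackup/assets/style.css?v=1 HTTP/1.1" 200 3400 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Jan/2025:10:02:00 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 200 10 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for kind, events in find_indicators(SAMPLE_LOG).items():
        for ip, ts, path in events:
            print(f"{kind}: {ip} {ts} {path}")
```

Pipe a real access log in place of SAMPLE_LOG; a php_hits entry is the stronger signal because it ties an upload to a later execution request from the same source.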