CVE-2024-8669

9.1 CRITICAL

📋 TL;DR

This SQL injection vulnerability in the Backuply WordPress plugin allows authenticated attackers with administrator privileges to execute arbitrary SQL queries. Attackers can extract sensitive database information including user credentials, configuration data, and other protected content. All WordPress sites using Backuply version 1.3.4 or earlier are affected.

💻 Affected Systems

Products:
  • Backuply – Backup, Restore, Migrate and Clone WordPress plugin
Versions: All versions up to and including 1.3.4
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated administrator access to exploit. WordPress multisite installations are also affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to credential theft, data exfiltration, privilege escalation, and potential site takeover.

🟠 Likely Case

Sensitive data extraction including user credentials, configuration secrets, and personal information from the database.

🟢 If Mitigated

Limited impact if proper access controls restrict administrator accounts and database permissions are minimized.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials. The vulnerability is in a publicly accessible function with insufficient input sanitization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.5

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3151205/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Backuply and click 'Update Now'.
4. Verify the version shows 1.3.5 or higher.

🔧 Temporary Workarounds

Disable Backuply Plugin (applies to: all)

Temporarily disable the vulnerable plugin until patching is possible:

wp plugin deactivate backuply

Restrict Administrator Access (applies to: all)

Limit administrator accounts and implement strong authentication controls.

🧯 If You Can't Patch

  • Remove administrator access from untrusted users and implement strict access controls
  • Implement web application firewall rules to block SQL injection patterns targeting the backuply_wp_clone_sql function

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Backuply version. If version is 1.3.4 or lower, you are vulnerable.

Check Version:

wp plugin get backuply --field=version

Verify Fix Applied:

After updating, verify Backuply version shows 1.3.5 or higher in WordPress admin plugins page.
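The version check above is easy to get wrong when scripted, because a plain string comparison orders "1.3.10" before "1.3.4". The following is an added example (not part of the advisory or the Backuply project) that parses dotted versions into integer tuples and compares them against the fixed version 1.3.5 stated above; the optional helper that shells out to the advisory's `wp plugin get backuply --field=version` command is only usable on the site host.

```python
"""Decide whether an installed Backuply version falls in the affected range.

Added example, not the advisory's own tooling. The affected range
(<= 1.3.4, fixed in 1.3.5) comes from the advisory; everything else here
is an assumption about how an operator would script the check.
"""
import re
import subprocess

FIXED_VERSION = "1.3.5"  # first patched release, per the advisory


def parse_version(version: str) -> tuple:
    """Turn '1.3.10' into (1, 3, 10) so tuples compare numerically.

    A naive string comparison would treat '1.3.10' as older than '1.3.4'.
    """
    parts = re.findall(r"\d+", version.strip())
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def installed_backuply_version(wp_path: str = ".") -> str:
    """Read the installed version via WP-CLI (must run on the WordPress host).

    Uses the same command the advisory lists; --path is WP-CLI's standard
    global flag for pointing at the WordPress root.
    """
    result = subprocess.run(
        ["wp", "plugin", "get", "backuply", "--field=version", f"--path={wp_path}"],
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout.strip()


if __name__ == "__main__":
    # Offline demonstration on constructed version strings.
    for v in ("1.3.4", "1.3.5", "1.3.10", "1.2.9"):
        status = "VULNERABLE" if is_vulnerable(v) else "patched"
        print(f"Backuply {v}: {status}")
```

Run it on the host with `wp` on the PATH to check a live install by calling `is_vulnerable(installed_backuply_version("/var/www/html"))`; the hard-coded examples in `__main__` run anywhere.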

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in WordPress or database logs containing 'backuply_wp_clone_sql'
  • Multiple failed administrator login attempts followed by successful login

Network Indicators:

  • POST requests to WordPress admin-ajax.php with 'action=backuply_wp_clone_sql' containing SQL injection patterns

SIEM Query:

source="wordpress.log" AND "backuply_wp_clone_sql" AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE")
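The network indicator and SIEM query above can be turned into a small log scanner. The following is an added example (not part of the advisory) that reads JSON-lines request records, URL-decodes the parameters, and flags admin-ajax.php calls whose `action` is `backuply_wp_clone_sql` and whose other parameters carry the same SQL keywords the SIEM query looks for. The JSON log schema (`ts`, `method`, `path`, `params`, `user`), the parameter name `arg`, and all sample records are constructed assumptions; a real deployment would point this at a WAF or application log that records request parameters.

```python
"""Flag Backuply clone-SQL requests that carry SQL-injection keywords.

Added example, not the advisory's own detection content. The log format is
an assumed JSON-lines schema; the action name and keyword list mirror the
advisory's network indicator and SIEM query.
"""
import json
import re
from urllib.parse import parse_qs

ACTION = "backuply_wp_clone_sql"
# Same keyword set as the advisory's SIEM query, matched on whole words.
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|INSERT|DELETE)\b", re.IGNORECASE)

# Constructed sample records (not real traffic). The parameter name "arg"
# is a placeholder; the advisory does not name the vulnerable parameter.
SAMPLE_LOG = """\
{"ts":"2024-09-12T10:01:02Z","method":"POST","path":"/wp-admin/admin-ajax.php","params":"action=heartbeat","user":"editor1"}
{"ts":"2024-09-12T10:01:09Z","method":"POST","path":"/wp-admin/admin-ajax.php","params":"action=backuply_wp_clone_sql&arg=1","user":"admin"}
{"ts":"2024-09-12T10:02:15Z","method":"POST","path":"/wp-admin/admin-ajax.php","params":"action=backuply_wp_clone_sql&arg=1 UNION SELECT","user":"admin"}
{"ts":"2024-09-12T10:02:40Z","method":"POST","path":"/wp-admin/admin-ajax.php","params":"action=backuply_wp_clone_sql&arg=%27+union+select","user":"admin"}
{"ts":"2024-09-12T10:03:00Z","method":"GET","path":"/wp-login.php","params":"","user":"-"}
"""


def parse_record(line: str) -> dict:
    """Parse one JSON record and decode its query-string parameters."""
    rec = json.loads(line)
    # parse_qs percent-decodes values and turns '+' into spaces, so an
    # encoded payload is inspected in the form the application sees it.
    decoded = parse_qs(rec.get("params", ""), keep_blank_values=True)
    rec["query"] = {k: v[0] for k, v in decoded.items()}
    return rec


def is_suspicious(rec: dict) -> bool:
    """True for admin-ajax calls to the clone-SQL action with SQL keywords."""
    if not rec.get("path", "").endswith("/wp-admin/admin-ajax.php"):
        return False
    query = rec.get("query", {})
    if query.get("action") != ACTION:
        return False
    # Look at every parameter except the action selector itself.
    return any(SQL_KEYWORDS.search(v) for k, v in query.items() if k != "action")


def scan(log_text: str) -> list:
    """Return (timestamp, user, method) for every suspicious record."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if is_suspicious(rec):
            hits.append((rec["ts"], rec["user"], rec["method"]))
    return hits


if __name__ == "__main__":
    for ts, user, method in scan(SAMPLE_LOG):
        print(f"{ts} {method} by {user}: SQL keywords in {ACTION} request")
```

Because this action legitimately handles SQL-related backup work, a keyword match is a triage signal rather than proof of exploitation: correlate hits with the login anomalies listed under Log Indicators and with the acting account's expected behaviour before escalating.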
