CVE-2024-3412 - Vulnerability Details - OpenCVE

The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.08965.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/changeset/3076275/wp-staging/trunk/Framework/Network/AjaxBackupDownloader.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/8ebb1072-ea05-4914-961d-0d8f20248078?source=cve

History

Thu, 26 Feb 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.03828}`	epss `{'score': 0.07172}`

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-05-29T08:30:06.099Z

Updated: 2024-08-01T20:12:06.925Z

Reserved: 2024-04-05T21:13:10.108Z

Link: CVE-2024-3412

Vulnrichment

Updated: 2024-08-01T20:12:06.925Z

NVD

Status : Awaiting Analysis

Published: 2024-05-29T09:15:09.103

Modified: 2024-11-21T09:29:32.767

Link: CVE-2024-3412

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3412", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-04-05T21:13:10.108Z", "datePublished": "2024-05-29T08:30:06.099Z", "dateUpdated": "2024-08-01T20:12:06.925Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-29T08:30:06.099Z"}, "affected": [{"vendor": "renehermi", "product": "WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "3.4.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ebb1072-ea05-4914-961d-0d8f20248078?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3076275/wp-staging/trunk/Framework/Network/AjaxBackupDownloader.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "haidv35"}], "timeline": [{"time": "2024-05-28T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3412", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-29T10:45:17.528357Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:32:39.262Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:06.925Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ebb1072-ea05-4914-961d-0d8f20248078?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3076275/wp-staging/trunk/Framework/Network/AjaxBackupDownloader.php", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ebb1072-ea05-4914-961d-0d8f20248078?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3076275/wp-staging/trunk/Framework/Network/AjaxBackupDownloader.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:06.925Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3412", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-29T10:45:17.528357Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-29T10:45:23.431Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "haidv35"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}}], "affected": [{"vendor": "renehermi", "product": "WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.4.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-05-28T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ebb1072-ea05-4914-961d-0d8f20248078?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3076275/wp-staging/trunk/Framework/Network/AjaxBackupDownloader.php"}], "descriptions": [{"lang": "en", "value": "The WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-29T08:30:06.099Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3412", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:12:06.925Z", "dateReserved": "2024-04-05T21:13:10.108Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-29T08:30:06.099Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}, {"lang": "es", "value": "El complemento WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore para WordPress es vulnerable a cargas de archivos arbitrarias debido a la falta de validaci\u00f3n del tipo de archivo en la acci\u00f3n wpstg_processing AJAX en todas las versiones hasta la 3.4.3 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de administrador y superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2024-3412", "lastModified": "2024-11-21T09:29:32.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-05-29T09:15:09.103", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3076275/wp-staging/trunk/Framework/Network/AjaxBackupDownloader.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ebb1072-ea05-4914-961d-0d8f20248078?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/changeset/3076275/wp-staging/trunk/Framework/Network/AjaxBackupDownloader.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ebb1072-ea05-4914-961d-0d8f20248078?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis"}