CVE-2024-56064: 
WordPress vulnerability analysis and mitigation

CVE-2024-56064 is a critical vulnerability affecting Azzaroco WP SuperBackup plugin versions up to 2.3.3. The vulnerability, discovered by Dave Jong and disclosed on December 18, 2024, allows unrestricted upload of files with dangerous types, enabling attackers to upload web shells to a web server (Patchstack, WPScan).

The vulnerability is classified as an Unrestricted Upload of File with Dangerous Type (CWE-434). It has received a Critical CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating the highest possible severity level. The vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site's server, which could lead to remote code execution (Patchstack).

The vulnerability's impact is severe as it allows attackers to upload malicious files, including web shells, to the server. This can lead to complete server compromise, enabling attackers to execute arbitrary code and potentially gain full control over the affected WordPress installation (Patchstack, Cyble).

The vulnerability has been fixed in version 2.4 of the WP SuperBackup plugin. Users are strongly advised to update to version 2.4 or later immediately. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until the update can be applied (Patchstack).