The vulnerability identified as CVE-2024-56070 affects the azzaroco WP SuperBackup plugin for WordPress (versions up to 2.3.3). It is caused by missing authorization checks, which result in incorrectly configured access control security levels. This allows users with limited privileges to perform actions that should be restricted, potentially impacting the confidentiality, integrity, and availability of the backup data managed by the plugin. The CVSS 3.1 base score is 7.4, reflecting network attack vector, low attack complexity, required privileges, no user interaction, and a scope change with partial impacts on confidentiality, integrity, and availability.

An attacker with limited privileges on a WordPress site using the vulnerable WP SuperBackup plugin could exploit missing authorization controls to access or manipulate backup data improperly. This could lead to unauthorized disclosure, modification, or deletion of backup information, potentially compromising site recovery capabilities and data integrity. The vulnerability affects confidentiality, integrity, and availability to some extent as indicated by the CVSS vector. No known active exploitation has been reported.

Patch status is not yet confirmed — no official fix or patch information is currently available from the vendor or advisory sources. Users should monitor the vendor's official channels for updates and apply any forthcoming patches promptly. Until a fix is released, restrict access to the plugin's functionality to trusted administrators only and review user privileges to minimize risk.