Access violation vulnerability in BackWPup – WordPress Backup Plugin 4.0.1

The BackWPup plugin for WordPress has a security vulnerability in versions up to and including 4.0.1. The flaw is a Directory Traversal that could allow an authenticated attacker to store backups in any folder on the server that the server can write to. With the plugin's default settings, an index.php and a .htaccess file are also created in the chosen directory when the first backup job runs. These files are meant to prevent people from viewing or accessing the backup files. However, if the attacker sets the backup directory to the root of another site in a shared environment, those files are written into that site's root, and the attacker could disable that site.

Detected in:

BackWPup – WordPress Backup Plugin fixed vulnerable versions: >= * <= 4.0.1

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
