WordPress Plugin Vulnerabilities

Backup Guard < 1.0.3 - Authenticated Arbitrary File Upload

Description

The plugin allowed any authenticated user to call the AJAX actions, including the one to import backups which could lead to arbitrary file upload.

Affects Plugins

Plugin icon
backup
Fixed in 1.0.3

References

URL
https://www.pritect.net/blog/backup-guard-1-0-3-security-vulnerability

Miscellaneous

Submitter
James Golovich
Submitter website
http://pritect.net
Submitter twitter
Pritect
Verified
No
WPVDB ID
195e7905-8171-4ffc-a16f-911730ea28b7

Timeline

Publicly Published
2016-02-15 (about 10 years ago)
Added
2016-02-17 (about 10 years ago)
Last Updated
2021-01-22 (about 5 years ago)

Other

Published
Title
Published
2025-11-07
Title
Alex Reservations: Smart Restaurant Booking < 2.2.4 - Authenticated (Admin+) Arbitrary File Upload
Published
2025-07-03
Title
VikRentCar Car Rental Management System < 1.4.4 - Authenticated (Administrator+) Arbitrary File Upload
Published
2014-08-01
Title
SEO Watcher - Open Flash Chart Arbitrary File Creation
Published
2022-02-14
Title
WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Malicious SVG
Published
2025-05-16
Title
Printcart Web to Print Product Designer for WooCommerce < 2.4.0 - Unauthenticated Arbitrary File Upload