WordPress Plugin Vulnerabilities

Backwpup < 1.7.2 - Remote File Inclusion

Description

The BackWPup – WordPress Backup Plugin WordPress plugin was affected by a Remote File Inclusion security vulnerability.

Affects Plugins

Plugin icon
backwpup
Fixed in 1.7.2

References

CVE
CVE-2011-4342
Exploitdb
17056
URL
https://packetstormsecurity.com/files/#99799/
URL
https://seclists.org/fulldisclosure/2011/Mar/328
URL
https://web.archive.org/web/20191128050912/https://www.senseofsecurity.com.au/sitecontnt/uploads/2015/03/SOS-11-003.pdf
URL
https://www.openwall.com/lists/oss-security/2011/11/22/7
URL
https://www.openwall.com/lists/oss-security/2011/11/22/10

Classification

Type
RFI
OWASP top 10
A1: Injection
CWE
CWE-98

Miscellaneous

Verified
No
WPVDB ID
3cc9cb87-16e4-4b88-9128-056f67981c7e

Timeline

Publicly Published
2011-03-28 (about 15 years ago)
Added
2019-08-26 (about 6 years ago)
Last Updated
2019-12-23 (about 6 years ago)

Other

Published
Title
Published
2024-07-05
Title
ShopBuilder – Elementor WooCommerce Builder Addons < 2.1.13 - Authenticated (Contributor+) Local File Inclusion
Published
2026-02-27
Title
Bazinga <= 1.1.9 - Unauthenticated Local File Inclusion
Published
2024-11-13
Title
Chartify – WordPress Chart Plugin < 2.9.6 - Unauthenticated Local File Inclusion via source
Published
2025-03-28
Title
Pop-Up Chop Chop <= 2.1.7 - Authenticated (Contributor+) Local File Inclusion
Published
2025-08-22
Title
The Gig <= 1.18.0 - Unauthenticated Local File Inclusion