BackWPup < 4.0.2 – Admin+ Directory Traversal | CVE 2023-5505 | Plugin Vulnerabilities

Description

The plugin for WordPress is vulnerable to Directory Traversal via the job-specific backup folder. This allows high privilege users, such as administrator to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.

Affects Plugins

Fixed in 4.0.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/98085a23-0cb6-442a-a28a-cb5c2890b60d

Classification

Type

TRAVERSAL

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Marco Wotschka

Verified

No

WPVDB ID

ae424b2e-5217-4479-9c95-a9e710713ece

Timeline

Publicly Published

2024-08-16 (about 1 year ago)

Added

2024-08-19 (about 1 year ago)

Last Updated

2024-08-19 (about 1 year ago)

Other

Published

Title

Published

2021-11-11

Title

Download Plugin < 2.0.0 - Subscriber+ Website Download

Published

2022-09-05

Title

Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal

Published

2025-10-15

Title

Download Counter Button <= 1.8.6.7 - Unauthenticated Arbitrary File Download

Published

2021-02-08

Title

Digital Publications by Supsystic < 1.6.12 - Authenticated Path Traversal

Published

2021-01-15

Title

Simple Job Board < 2.9.4 - Authenticated Path Traversal Leading to Arbitrary File Download