WordPress Plugin Vulnerabilities

BackWPup < 4.0.2 - Authenticated (Administrator+) Directory Traversal

Description

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.

Affects Plugins

Plugin icon
backwpup
Fixed in 4.0.2

References

CVE
CVE-2023-5504
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e830fe1e-1171-46da-8ee7-0a6654153f18

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
8.7 (high)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
bf9ffe11-c9c5-49f3-b1cf-ab3979121850

Timeline

Publicly Published
2023-11-22 (about 2 years ago)
Added
2023-11-24 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2024-11-27
Title
File Manager Pro – Filester < 1.8.6 - Authenticated (Administrator+) Local JavaScript File Inclusion
Published
2015-06-23
Title
wp-instance-rename <= 1.0 - Arbitrary File Download
Published
2025-12-12
Title
PDF Generator Addon for Elementor Page Builder < 2.0.1 - Unauthenticated Path Traversal
Published
2025-07-02
Title
JKDEVKIT <= 1.9.4 - Authenticated (Subscriber+) Arbitrary File Deletion
Published
2024-07-22
Title
MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles < 1.9.3 - Authenticated (Subscriber+) Arbitrary File Deletion