WordPress Plugin Vulnerabilities

Backup by Supsystic <= 2.3.9 - Authenticated Arbitrary File Download and Deletion

Description

The plugin does not check for path traversal attacks, allowing administrator to download and delete any file from the web server. Due to the lack of CSRF check on the file deletion, unauthenticated attacker could make a logged in administrator delete files from the web server as well

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

backup-by-supsystic

No known fix - plugin closed

References

ExploitDB

49545

Classification

Type

TRAVERSAL

OWASP top 10

A1: Injection

CWE

CWE-22

Miscellaneous

Original Researcher

Erik David Martin

Verified

Yes

WPVDB ID

c2c2feeb-e380-4ec9-be3c-8ffa364c7dcf

Timeline

Publicly Published

2021-02-08 (about 2 years ago)

Added

2021-02-08 (about 2 years ago)

Last Updated

2021-02-09 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin