Search criteria
4 vulnerabilities found for BackWPup – WordPress Backup & Restore Plugin by wp_media
CVE-2025-10579 (GCVE-0-2025-10579)
Vulnerability from nvd – Published: 2025-10-25 04:22 – Updated: 2025-10-27 15:57
VLAI?
Title
BackWPup <= 5.5.0 - Missing Authorization to Sensitive Information Exposure
Summary
The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve access to a back-up's filename while a backup is running. This information has little value on it's own, but could be used to aid in a brute force attack to retrieve back-up contents in limited environments (i.e. NGINX).
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wp_media | BackWPup – WordPress Backup & Restore Plugin |
Affected:
* , ≤ 5.5.0
(semver)
|
Credits
Dmitrii Ignatyev
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:26:17.190248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:57:24.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BackWPup \u2013 WordPress Backup \u0026 Restore Plugin",
"vendor": "wp_media",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The BackWPup \u2013 WordPress Backup \u0026 Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027backwpup_working\u0027 AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve access to a back-up\u0027s filename while a backup is running. This information has little value on it\u0027s own, but could be used to aid in a brute force attack to retrieve back-up contents in limited environments (i.e. NGINX)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T04:22:44.402Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1e9a1484-2000-47fa-9890-fa02eddabcd9?source=cve"
},
{
"url": "https://research.cleantalk.org/cve-2025-10579"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3381187%40backwpup%2Ftrunk\u0026old=3362645%40backwpup%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file23"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-24T15:31:35.000+00:00",
"value": "Disclosed"
}
],
"title": "BackWPup \u003c= 5.5.0 - Missing Authorization to Sensitive Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10579",
"datePublished": "2025-10-25T04:22:44.402Z",
"dateReserved": "2025-09-16T19:37:30.649Z",
"dateUpdated": "2025-10-27T15:57:24.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5505 (GCVE-0-2023-5505)
Vulnerability from nvd – Published: 2024-08-17 08:37 – Updated: 2024-08-19 13:46
VLAI?
Title
BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal
Summary
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.
Severity ?
6.8 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wp_media | BackWPup – WordPress Backup & Restore Plugin |
Affected:
* , ≤ 4.0.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:46:19.828541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T13:46:27.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BackWPup \u2013 WordPress Backup \u0026 Restore Plugin",
"vendor": "wp_media",
"versions": [
{
"lessThanOrEqual": "4.0.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-17T08:37:24.102Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98085a23-0cb6-442a-a28a-cb5c2890b60d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/backwpup/trunk/inc/class-page-editjob.php?rev=2818974#L29"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2980789%40backwpup%2Ftrunk\u0026old=2954541%40backwpup%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3000176/backwpup/trunk/inc/class-destination-folder.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3000176%40backwpup\u0026new=3000176%40backwpup\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-08-16T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "BackWPup \u003c= 4.0.1 - Authenticated (Administrator+) Directory Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-5505",
"datePublished": "2024-08-17T08:37:24.102Z",
"dateReserved": "2023-10-10T18:41:25.972Z",
"dateUpdated": "2024-08-19T13:46:27.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10579 (GCVE-0-2025-10579)
Vulnerability from cvelistv5 – Published: 2025-10-25 04:22 – Updated: 2025-10-27 15:57
VLAI?
Title
BackWPup <= 5.5.0 - Missing Authorization to Sensitive Information Exposure
Summary
The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve access to a back-up's filename while a backup is running. This information has little value on it's own, but could be used to aid in a brute force attack to retrieve back-up contents in limited environments (i.e. NGINX).
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wp_media | BackWPup – WordPress Backup & Restore Plugin |
Affected:
* , ≤ 5.5.0
(semver)
|
Credits
Dmitrii Ignatyev
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:26:17.190248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:57:24.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BackWPup \u2013 WordPress Backup \u0026 Restore Plugin",
"vendor": "wp_media",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The BackWPup \u2013 WordPress Backup \u0026 Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027backwpup_working\u0027 AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve access to a back-up\u0027s filename while a backup is running. This information has little value on it\u0027s own, but could be used to aid in a brute force attack to retrieve back-up contents in limited environments (i.e. NGINX)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T04:22:44.402Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1e9a1484-2000-47fa-9890-fa02eddabcd9?source=cve"
},
{
"url": "https://research.cleantalk.org/cve-2025-10579"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3381187%40backwpup%2Ftrunk\u0026old=3362645%40backwpup%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file23"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-24T15:31:35.000+00:00",
"value": "Disclosed"
}
],
"title": "BackWPup \u003c= 5.5.0 - Missing Authorization to Sensitive Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10579",
"datePublished": "2025-10-25T04:22:44.402Z",
"dateReserved": "2025-09-16T19:37:30.649Z",
"dateUpdated": "2025-10-27T15:57:24.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5505 (GCVE-0-2023-5505)
Vulnerability from cvelistv5 – Published: 2024-08-17 08:37 – Updated: 2024-08-19 13:46
VLAI?
Title
BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal
Summary
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.
Severity ?
6.8 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wp_media | BackWPup – WordPress Backup & Restore Plugin |
Affected:
* , ≤ 4.0.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:46:19.828541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T13:46:27.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BackWPup \u2013 WordPress Backup \u0026 Restore Plugin",
"vendor": "wp_media",
"versions": [
{
"lessThanOrEqual": "4.0.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-17T08:37:24.102Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98085a23-0cb6-442a-a28a-cb5c2890b60d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/backwpup/trunk/inc/class-page-editjob.php?rev=2818974#L29"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2980789%40backwpup%2Ftrunk\u0026old=2954541%40backwpup%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3000176/backwpup/trunk/inc/class-destination-folder.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3000176%40backwpup\u0026new=3000176%40backwpup\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-08-16T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "BackWPup \u003c= 4.0.1 - Authenticated (Administrator+) Directory Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-5505",
"datePublished": "2024-08-17T08:37:24.102Z",
"dateReserved": "2023-10-10T18:41:25.972Z",
"dateUpdated": "2024-08-19T13:46:27.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}