First published: Sat Apr 27 2024(Updated: )
The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the context in which the plugin should allow.
Credit: security@wordfence.com
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.