ThreatPress

WordPress Vulnerability Database

Back

WordPress Backup by Supsystic plugin <= 2.3.12 - Local File Inclusion (LFI) vulnerability

Product
Backup by Supsystic
Description
Local File Inclusion (LFI) vulnerability found by Erik David Martin in WordPress Backup by Supsystic plugin (versions <= 2.3.12).
Solution
2021-02-08 - we were unable to find a patched version of this plugin. Notice from WordPress plugin repository: "This plugin has been closed as of December 1, 2020 and is not available for download. Reason: Security Issue."
Classification
Type Local File Inclusion
OWASP Top 10 A1: Injection
References
Vulnerability details
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 2.3.12
Disclosure date
2021-02-08
Credits
Erik David Martin