ThreatPress

WordPress Vulnerability Database

Back

WordPress Backup Guard plugin <= 1.5.9 - Authenticated Arbitrary File Upload vulnerability

Product
Backup Guard
Description
Authenticated Arbitrary File Upload vulnerability found by Nguyen Van Khanh in WordPress Backup Guard plugin (versions <= 1.5.9).
Solution
Update the WordPress Backup Guard plugin to the latest available version (at least 1.6.0).
Classification
Type Arbitrary File Upload
OWASP Top 10 A1: Injection
References
Vulnerability details
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 1.5.9
Fixed In 1.6.0
Disclosure date
2021-02-18
Credits
WPScan