ThreatPress

WordPress Vulnerabilities Database

WordPress BackWPup plugin <=3.4.1 - Unrestricted Backup File Download

Product
BackWPup
Description
An unrestricted backup file download vulnerability was found by Larry W. Cashdollar in the WordPress BackWPup plugin (versions <=3.4.1). Backup files are stored insecurely, can be discovered with a Google dork, and can be exploited further, even for brute-forcing.
Solution
Update the WordPress BackWPup plugin to the latest available version (at least 3.4.2).
Classification
Type: BYPASS
OWASP Top 10: A6: Sensitive Data Exposure
References
Plugin changelog
CVE
Name: CVE-N/A
Versions
Affected In: <=3.4.1
Fixed In: 3.4.2
Disclosure date
2017-09-28
Credits
Larry W. Cashdollar
Submitter
ThreatPress