ThreatPress

WordPress Vulnerabilities Database

WordPress BackWPup Plugin - Remote and Local Code Execution

Product
BackWPup
Description
The WordPress BackWPup plugin is prone to a remote and local code execution vulnerability. Input passed to the "wp_xml_export.php" component via the "wpabs" variable allows local or remote PHP files to be included and executed, as long as a "_nonce" value is known.
Solution
Update the plugin to version 1.7.1.
Classification
Type: Multi
References
Exploit-DB
CVE
Name: CVE-2011-4342
Versions
Affected In: <= 1.6.1
Fixed In: 1.7.1
Disclosure date
2011-03-28
Credits
Sense of Security