Inpsyde Backwpup vulnerabilities
5 known vulnerabilities affecting inpsyde/backwpup.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2023-7164P3HIGHCVSS 7.5PoCfixed in 4.0.42024-04-08
CVE-2023-7164 [HIGH] CWE-548 CVE-2023-7164: The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backu
The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database.
nvd
CVE-2023-5504P3HIGHCVSS 8.7≤ 4.0.12024-01-11
CVE-2023-5504 [HIGH] CWE-22 CVE-2023-5504: The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and includ
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the
nvd
CVE-2017-2551P3HIGHCVSS 7.5≤ 3.4.1≥ unspecified, < 3.4.12017-09-28
CVE-2017-2551 [HIGH] CWE-552 CVE-2017-2551: Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup fil
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.
nvd
CVE-2023-5505P4MEDIUMCVSS 6.8fixed in 4.0.22024-08-17
CVE-2023-5505 [MEDIUM] CWE-22 CVE-2023-5505: The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and includ
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess f
nvd
CVE-2023-5775P4LOWCVSS 2.7fixed in 4.0.32024-02-26
CVE-2023-5775 [LOW] CWE-256 CVE-2023-5775: The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with administrator-level access, to retrieve the password from the pa
nvd