Wp Media Backwpup Wordpress Backup Restore Plugin vulnerabilities
6 known vulnerabilities affecting wp_media/backwpup_wordpress_backup_restore_plugin.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2LOW1
Vulnerabilities
Page 1 of 1
CVE-2025-15041P3HIGHCVSS 7.2≥ *, ≤ 5.6.22026-02-19
CVE-2025-15041 [HIGH] CWE-862 CVE-2025-15041: The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized
The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. This makes it possible for authenticated attackers, with level access and above,
nvd
CVE-2026-6227P3HIGHCVSS 7.2≤ 5.6.62026-04-14
CVE-2026-6227 [HIGH] CWE-22 CVE-2026-6227: The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` paramet
The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive `str_replace()` sanitization of path traversal sequences. This makes it possible for authenticated attackers, with Administrator-leve
nvd
CVE-2023-5504P3HIGHCVSS 8.7≤ 4.0.12024-01-11
CVE-2023-5504 [HIGH] CWE-22 CVE-2023-5504: The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and includ
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the
nvd
CVE-2023-5505P4MEDIUMCVSS 6.8≤ 4.0.12024-08-17
CVE-2023-5505 [MEDIUM] CWE-22 CVE-2023-5505: The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and includ
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess f
nvd
CVE-2025-10579P4MEDIUMCVSS 5.3≥ *, ≤ 5.5.02025-10-25
CVE-2025-10579 [MEDIUM] CWE-862 CVE-2025-10579: The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized
The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve access to a back
nvd
CVE-2023-5775P4LOWCVSS 2.7≤ 4.0.22024-02-26
CVE-2023-5775 [LOW] CWE-256 CVE-2023-5775: The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with administrator-level access, to retrieve the password from the pa
nvd