Unrated severityNVD Advisory· Published Jul 19, 2025· Updated Apr 8, 2026

Simple Backup <= 2.7.10 - Arbitrary File Download via Path Traversal

CVE-2015-10134

Description

The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10. via the download_backup_file function. This is due to a lack of capability checks and file type validation. This makes it possible for attackers to download sensitive files such as the wp-config.php file from the affected site.

Affected products

Simple Backup/Simple Backupllm-create
Range: <=2.7.10
mywebsiteadvisor/Simple Backupv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/131919/mitre
www.wordfence.com/threat-intel/vulnerabilities/id/29482b70-0ff2-4bb1-9d41-9cffb83b5ad0mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.059
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000