VYPR

Backwpup

by Backwpup

Source repositories

CVEs (5)

  • CVE-2025-15041HigFeb 19, 2026
    risk 0.47cvss 7.2epss 0.00

    The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. This…

  • CVE-2025-10579MedOct 25, 2025
    risk 0.34cvss 5.3epss 0.00

    The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated…

  • CVE-2011-4342Oct 8, 2012
    risk 0.04cvss epss 0.10

    PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.

  • CVE-2023-5505Aug 17, 2024
    risk 0.00cvss epss 0.01

    The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the…

  • CVE-2011-5208Oct 8, 2012
    risk 0.00cvss epss 0.03

    Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php.