Backup Plugin for WordPress contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via a direct request. This directory traversal attack would allow the attacker to gain access to arbitrary files.

Upgrade to version 2.1 or higher, as it has been reported to fix this vulnerability. It is also possible to temporarily work around the flaw by implementing the following workaround: Set the local folder path to a difficult to guess value, as this exploit may only be exploited when the attacker knows the name and path of the file.

• Exploit Database: 19524
• Secunia Advisory ID: 50038
• Vendor Specific Solution URL: http://plugins.trac.wordpress.org/changeset/576649/backup
• Vendor URL: http://wordpress.org/extend/plugins/backup/
• Vendor Specific News/Changelog Entry: http://wordpress.org/extend/plugins/backup/changelog/

• Stephan Knauss

NVD does not currently have a CVSSv2 score assigned.