Description
PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.
Exploits (1)
exploitdb
WORKING POC
by Sense of Security · text · webapps · php
https://www.exploit-db.com/exploits/17056
References (9)
Core References
Product x_refsource_confirm
http://wordpress.org/support/topic/plugin-backwpup-remote-and-local-codeexecution-vulnerability-sos-11-003
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/71481
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/17056
Exploit, URL Repurposed x_refsource_misc
http://www.senseofsecurity.com.au/advisories/SOS-11-003.pdf
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Mar/328
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43565
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/11/22/10
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/11/22/7
Exploit x_refsource_misc
http://packetstormsecurity.org/files/view/99799/SOS-11-003.txt
Scores
EPSS
0.0400
EPSS Percentile
88.5%
Details
CWE
CWE-94
Status
published
Products (1)
backwpup/backwpup
< 1.7.1
Published
Oct 08, 2012
Tracked Since
Feb 18, 2026