CVE-2023-7164

HIGH NUCLEI

BackWPup <4.0.4 - Path Traversal

Title source: llm

Description

The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database.

Nuclei Templates (1)

WordPress BackWPup < 4.0.4 - Backup File Disclosure

HIGHVERIFIEDby 0x_Akoko

FOFA: body="/wp-content/plugins/backwpup/"

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/79b07f37-2c6b-4846-bb28-91a1e5bf112e/

Scores

CVSS v3 7.5

EPSS 0.2544

EPSS Percentile 96.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

inpsyde/backwpup < 4.0.4

Published Apr 08, 2024

Tracked Since Feb 18, 2026