CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2026-6227 – BackWPup <= 5.6.6 - Authenticated (Administrator+) Local File Inclusion via 'block_name' Parameter
https://notcve.org/view.php?id=CVE-2026-6227
14 Apr 2026 — The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive `str_replace()` sanitization of path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to include arbitrary PHP files on the server via crafted traversal sequences (e.g., `....//`), which can be leveraged to read sensitive ... • https://plugins.trac.wordpress.org/browser/backwpup/tags/5.6.5/inc/Utils/BackWPupHelpers.php#L23 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-15041 – BackWPup <= 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2025-15041
18 Feb 2026 — The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. This makes it possible for authenticated attackers, with level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registra... • https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab8f440-2910-41a3-8bbc-afb4cafd33b5?source=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-10579 – BackWPup <= 5.5.0 - Missing Authorization to Sensitive Information Exposure
https://notcve.org/view.php?id=CVE-2025-10579
24 Oct 2025 — The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve access to a back-up's filename while a backup is running. This information has little value on it's own, but could be used to aid in a brute force attack to retrieve back-up co... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3381187%40backwpup%2Ftrunk&old=3362645%40backwpup%2Ftrunk&sfp_email=&sfph_mail=#file23 • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5505 – BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal
https://notcve.org/view.php?id=CVE-2023-5505
16 Aug 2024 — The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This m... • https://plugins.trac.wordpress.org/browser/backwpup/trunk/inc/class-page-editjob.php?rev=2818974#L29 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5775 – BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password
https://notcve.org/view.php?id=CVE-2023-5775
23 Feb 2024 — The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with administrator-level access, to retrieve the password from the password input field in the UI or from the options table where the password is stored. El complemento BackWPup para WordPress es vulnerable al almacenamiento... • https://plugins.trac.wordpress.org/changeset/3039678/backwpup • CWE-256: Plaintext Storage of a Password •