PT-2026-26714 · WordPress · Keep Backup Daily
San6051 · Published 2026-03-20 · Updated 2026-03-21 · CVE-2026-3339
CVSS v3.1: 2.7 (Low)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Keep Backup Daily plugin for WordPress versions up to and including 2.1.1
Description
The Keep Backup Daily plugin for WordPress is susceptible to a Limited Path Traversal issue. This is a result of inadequate validation of the kbd_path parameter within the kbd_open_upload_dir AJAX action, where only sanitize_text_field() is used for sanitization. This insufficient sanitization allows authenticated attackers with Administrator-level access or higher to potentially list the contents of directories outside the intended uploads directory on the server.
Recommendations
Versions prior to and including 2.1.1 should be updated.
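For sites that maintain their own directory-listing handlers, the check missing from the description above is path containment: sanitize_text_field() cleans up markup and whitespace but leaves `../` segments in place. The following is an added example, not the plugin's code or its fix; the function name `resolve_inside_base` and the demo directory tree are assumptions made for illustration.

```php
<?php
/**
 * Hypothetical helper (not from the plugin): resolve $userPath relative to
 * $baseDir and return the canonical directory only if it stays inside
 * $baseDir. Returns null for anything that escapes or does not exist.
 */
function resolve_inside_base(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // the base directory itself is missing
    }
    // realpath() collapses "." and ".." and follows symlinks;
    // it returns false when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "uploads-old" is not accepted as being inside "uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $base && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo tree: <tmp>/kbd-demo-<pid>/uploads/2026 plus a sibling uploads-old.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'kbd-demo-' . getmypid();
mkdir($root . '/uploads/2026', 0700, true);
mkdir($root . '/uploads-old', 0700, true);

// Constructed inputs: the first three stay inside uploads, the rest do not.
$cases = ['2026', '.', '2026/..', '..', '../uploads-old', '../../', 'missing'];
foreach ($cases as $input) {
    $resolved = resolve_inside_base($root . '/uploads', $input);
    printf("%-16s => %s\n", $input, $resolved === null ? 'rejected' : 'allowed');
}

// Remove the demo tree again.
rmdir($root . '/uploads/2026');
rmdir($root . '/uploads');
rmdir($root . '/uploads-old');
rmdir($root);
```

Because the comparison runs on the canonical path, a symlink inside the base directory that points elsewhere is rejected as well.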
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Keep Backup Daily