Bence Szalai

**Name of the Vulnerable Software and Affected Versions** Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions up to, and including, 1.2.3 **Description** The issue allows attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information, via the `node id` parameter in the `backuply get jstree` function. This is a Directory Traversal vulnerability. **Recommendations** For versions up to, and including, 1.2.3, consider disabling the `backuply get jstree` function until a patch is available to prevent exploitation. Restrict access to the `node id` parameter to minimize the risk of arbitrary file reading.

**Name of the Vulnerable Software and Affected Versions** The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.19 **Description** The issue allows authenticated attackers to rename arbitrary files on the server via the `rename item` function, potentially leading to site takeovers if the `wp-config.php` file can be renamed. By default, this can be exploited by administrators only, but in the premium version, administrators can give gallery management permissions to lower-level users, making it exploitable by users as low as contributors. Over 200,000 sites are at risk. **Recommendations** For versions up to, and including, 1.8.19, update to a version higher than 1.8.19 to resolve the issue. As a temporary workaround, consider restricting access to the `rename item` function until a patch is available. Restrict gallery management permissions to minimize the risk of exploitation.