
Dk0Pf

Researcher from Plumeria Lab
#52391 of 53,624
4 Total CVSS
Vulnerabilities · 1
PT-2024-3160
4.0
2024-03-27
Unknown · Backupwordpress · CVE-2024-3034
Name of the Vulnerable Software and Affected Versions: BackUpWordPress versions up to, and including, 3.13

Description: The issue is related to errors in handling relative directory paths when processing the `hmbkp directory browse` parameter, allowing remote attackers to gain unauthorized access to protected information. Authenticated attackers with administrator-level access and above can traverse directories outside of the allowed context via the `hmbkp directory browse` parameter.

Recommendations: For versions up to, and including, 3.13, consider disabling the `hmbkp directory browse` parameter until a patch is available to prevent directory traversal attacks. Restrict access to sensitive directories and ensure that only necessary personnel have administrator-level access to minimize the risk of exploitation.