WordPress · Cyan Backup · CVE-2025-12092
**Name of the Vulnerable Software and Affected Versions**
CYAN Backup plugin for WordPress versions through 2.5.4
**Description**
The CYAN Backup plugin for WordPress has a flaw that allows authenticated attackers with Administrator-level access or higher to delete arbitrary files on the server. This is due to inadequate validation of file paths within the 'delete' functionality. Deleting specific files, such as wp-config.php, could lead to remote code execution.
**Recommendations**
Update the CYAN Backup plugin to a version newer than 2.5.4.
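
The path validation that the Description says is missing from the 'delete' functionality can be sketched as follows. This is an added example, not the plugin's code or its patch: the function name `resolve_backup_file`, the directory layout, the file names and the character allowlist are all assumptions made for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not taken from the plugin.

/**
 * Return the canonical path of $requested if it is a regular file directly
 * inside $backupDir, otherwise null. A caller deletes only a non-null result.
 */
function resolve_backup_file(string $backupDir, string $requested): ?string
{
    $base = realpath($backupDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    // Accept a bare file name only (assumed allowlist): no separators,
    // no NUL bytes, and not the "." or ".." directory entries.
    if (!preg_match('/\A[A-Za-z0-9._-]+\z/', $requested)
        || $requested === '.' || $requested === '..') {
        return null;
    }
    // Canonicalise, which also resolves symlinks, then re-check containment.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // The resolved file must still sit directly in the backup directory.
    return dirname($real) === $base ? $real : null;
}

// Constructed demo tree: a backup directory with a config file beside it.
$root = sys_get_temp_dir() . '/cb-demo-' . bin2hex(random_bytes(4));
mkdir("$root/backups", 0700, true);
file_put_contents("$root/wp-config.php", "<?php // constructed\n");
file_put_contents("$root/backups/site-1.zip", "constructed");
@symlink("$root/wp-config.php", "$root/backups/link.zip"); // points outside

$requests = ['site-1.zip', '../wp-config.php', 'link.zip', "$root/wp-config.php", '..'];
foreach ($requests as $name) {
    $path = resolve_backup_file("$root/backups", $name);
    printf("%-45s %s\n", $name, $path === null ? 'rejected' : 'accepted');
}

// Remove the constructed files again.
@unlink("$root/backups/link.zip");
unlink("$root/backups/site-1.zip");
unlink("$root/wp-config.php");
rmdir("$root/backups");
rmdir($root);
```

The containment check runs on the canonical path rather than the submitted string, so a symlink inside the backup directory that points elsewhere is rejected along with traversal sequences and absolute paths.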