Stefan Marjanov

**Name of the Vulnerable Software and Affected Versions** BackWPup plugin for WordPress versions up to, and including, 4.0.2 **Description** The issue arises from the improper storage of backup destination passwords in plaintext, allowing authenticated attackers with administrator-level access to retrieve the password from the password input field in the UI or from the options table where the password is stored. **Recommendations** For versions up to, and including, 4.0.2, update to a version later than 4.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the password input field in the UI and the options table to minimize the risk of exploitation.