WordPress · Skippy Wp-Db-Backup · CVE-2006-4208
**Name of the Vulnerable Software and Affected Versions**
Skippy WP-DB-Backup plugin for WordPress versions 1.7 and earlier
**Description**
The vulnerability allows remote authenticated users with administrative privileges to read arbitrary files. It is a directory traversal flaw in the `wp-db-backup.php` file: the `backup` parameter passed to the `edit.php` endpoint is not sanitized against `..` (dot dot) sequences, so a value can be supplied that resolves to a path outside the intended backup directory.
**Recommendations**
For Skippy WP-DB-Backup plugin for WordPress versions 1.7 and earlier, consider disabling the `wp-db-backup.php` file or restricting access to the `edit.php` endpoint until a patch is available. Avoid using the `backup` parameter of the `edit.php` endpoint to reduce the risk of exploitation.
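The class of flaw described above is a missing containment check on a user-supplied file name. The following PHP function is an added example written for this page, not code from the Skippy WP-DB-Backup plugin, showing how a backup-file parameter can be validated so that it can only resolve to a regular file inside the configured backup directory. The function name `resolve_backup_file`, the `.sql`/`.sql.gz` naming pattern and the temporary directory used in the demonstration are assumptions made for the example.

```php
<?php
// Added example (not plugin code): confine a user-supplied backup file name
// to the backup directory so that ".." sequences cannot escape it.

/**
 * Return the absolute path of $requested inside $backupDir, or null when the
 * name is empty, contains a NUL byte or directory components, does not match
 * the expected naming pattern, or does not resolve to an existing regular
 * file beneath $backupDir.
 */
function resolve_backup_file(string $backupDir, string $requested): ?string
{
    // Layer 1: syntactic checks on the raw parameter.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Only a bare file name is acceptable; any path separator is rejected.
    // Note that basename('..') is '..', so this alone is not sufficient.
    if ($requested !== basename($requested)) {
        return null;
    }
    // Allow-list of characters and extensions a dump file is assumed to use.
    if (!preg_match('/^[A-Za-z0-9._-]+\.sql(\.gz)?$/', $requested)) {
        return null;
    }

    // Layer 2: resolve both sides and verify containment on the real path,
    // which also neutralises symlinks pointing outside the directory.
    $base = realpath($backupDir);
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demonstration: a throwaway backup directory with one dump file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wpdb-backup-demo-' . getmypid();
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'site-2024.sql', "-- constructed sample dump\n");

$inputs = [
    'site-2024.sql',          // legitimate name, exists in the directory
    '../../etc/passwd',       // classic traversal attempt
    '..',                     // bare parent reference
    "site-2024.sql\0.txt",    // NUL-byte truncation attempt
    'missing.sql',            // well-formed but not present
];
foreach ($inputs as $name) {
    $resolved = resolve_backup_file($dir, $name);
    $label = addcslashes($name, "\0..\37");
    echo str_pad($label, 24), ($resolved === null ? 'rejected' : 'allowed: ' . $resolved), PHP_EOL;
}

// Clean up the constructed directory.
unlink($dir . DIRECTORY_SEPARATOR . 'site-2024.sql');
rmdir($dir);
```

Run it with `php resolve_backup_file.php`; only the first input is accepted, every other line prints `rejected`. The two layers are deliberately redundant: the name checks give a clear early failure for obviously malformed input, while the `realpath` containment check is the one that holds even if the allow-list is later relaxed.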