CVE-2023-5504

Name of the Vulnerable Software and Affected Versions BackWPup plugin for WordPress versions up to, and including, 4.0.1

Description The issue allows authenticated attackers to store backups in arbitrary folders on the server, provided they can be written to by the server, via the Log File Folder. This is due to a Directory Traversal vulnerability. Default settings will place an index.php and a .htaccess file into the chosen directory when the first backup job is run, intended to prevent directory listing and file access. An attacker could set the backup directory to the root of another site in a shared environment, thus disabling that site.

Recommendations For versions up to, and including, 4.0.1, update to a version later than 4.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the Log File Folder to minimize the risk of exploitation. Additionally, review and restrict the backup directory settings to prevent unauthorized access.