CVE-2023-5505

Name of the Vulnerable Software and Affected Versions BackWPup plugin for WordPress versions up to, and including, 4.0.1

Description The issue allows authenticated attackers to store backups in arbitrary folders on the server, provided they can be written to by the server. This is achieved via the job-specific backup folder. Default settings will place an index.php and a .htaccess file into the chosen directory when the first backup job is run, intended to prevent directory listing and file access. An attacker could set the backup directory to the root of another site in a shared environment, thus disabling that site.

Recommendations For versions up to, and including, 4.0.1, update to a version later than 4.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the job-specific backup folder to minimize the risk of exploitation. Additionally, monitor server configurations to prevent unauthorized write access to sensitive directories.