CVE-2023-5775

Name of the Vulnerable Software and Affected Versions BackWPup plugin for WordPress versions up to, and including, 4.0.2

Description The issue arises from the improper storage of backup destination passwords in plaintext, allowing authenticated attackers with administrator-level access to retrieve the password from the password input field in the UI or from the options table where the password is stored.

Recommendations For versions up to, and including, 4.0.2, update to a version later than 4.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the password input field in the UI and the options table to minimize the risk of exploitation.