PT-2024-15217 · WordPress · Backwpup

Dmitry Ignatyev · Published 2024-03-18 · Updated 2025-12-19 · CVE-2023-7164

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

BackWPup WordPress plugin versions prior to 4.0.4

Description

The issue allows unauthenticated attackers to download backups of a site's database because directory listing is not prevented in the temporary backup folder. This exposes sensitive data, potentially leading to account hijacking and system compromise. Over 600,000 WordPress sites using the BackWPup plugin are estimated to be at risk.

Recommendations

For versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue. As a temporary workaround, restrict access to the temporary backup folder to minimize the risk of exploitation.
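To support the workaround above, the following added example (not part of the advisory or of the plugin's code) audits a local copy of a site's files and reports folders that hold backup archives but have neither an index file nor an Apache `.htaccess` rule that disables listing or denies access. The backup extensions, the sample folder names, and the choice of guards are assumptions; `.htaccess` only takes effect on Apache with overrides enabled, so treat the result as a heuristic.

```python
import os
import re
import tempfile
from pathlib import Path

BACKUP_EXT = (".sql", ".sql.gz", ".zip", ".tar", ".tar.gz")  # assumed backup types
INDEX_FILES = {"index.php", "index.html", "index.htm"}  # suppress auto-listing
GUARD_RE = re.compile(
    r"^\s*(Options\s+.*-Indexes|Require\s+all\s+denied|Deny\s+from\s+all)", re.I | re.M)


def htaccess_guards(path, root):
    """True if .htaccess in `path` or an ancestor up to `root` blocks listing."""
    path, root = Path(path).resolve(), Path(root).resolve()
    for d in [path, *path.parents]:
        f = d / ".htaccess"
        if f.is_file() and GUARD_RE.search(f.read_text(errors="replace")):
            return True
        if d == root:
            break
    return False


def audit(root):
    """Relative paths of directories that hold backups and can be listed."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        if not any(n.endswith(BACKUP_EXT) for n in names):
            continue
        if not (names & INDEX_FILES or htaccess_guards(dirpath, root)):
            exposed.append(os.path.relpath(dirpath, root))
    return sorted(exposed)


def build_sample(root):
    """Constructed sample tree; the folder names are hypothetical."""
    files = {"tmp-open/site.sql.gz": "", "tmp-index/site.zip": "",
             "tmp-index/index.php": "", "tmp-denied/site.sql": "",
             "tmp-denied/.htaccess": "Require all denied\n", "images/logo.png": ""}
    for rel, body in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

An index file only hides the listing; a backup whose name can be guessed is still downloadable, so a deny rule or moving the folder outside the web root is the stronger guard.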

Related Identifiers

CVE-2023-7164

Affected Products

Backwpup