CVE-2025-10307

Name of the Vulnerable Software and Affected Versions Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions through 1.4.8

Description The Backuply plugin for WordPress is susceptible to arbitrary file deletion because of inadequate file path validation within the delete backup functionality. An authenticated attacker with Administrator-level access or higher can delete any file on the server. Deleting specific files, such as wp-config.php, could lead to remote code execution.

Recommendations Update the Backuply plugin to a version later than 1.4.8.