PT-2026-22121 · WordPress · Worry Proof Backup
Athiwat Tiprasaharn +1 · Published 2026-02-26 · Updated 2026-03-03 · CVE-2026-1311
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Worry Proof Backup versions up to and including 0.2.4
Description
The Worry Proof Backup plugin for WordPress is susceptible to a path traversal issue in all versions up to and including 0.2.4 through the backup upload functionality. Authenticated attackers with Subscriber-level access or higher can upload a malicious ZIP archive containing path traversal sequences. This allows them to write arbitrary files anywhere on the server, including executable PHP files, potentially leading to remote code execution (RCE). The vulnerability resides in the way the plugin handles file uploads, specifically allowing manipulation of file paths.
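The check below is an added example, not code from the plugin or its fix: it shows one way to validate every ZIP entry name before anything is written to disk, so that an archive containing traversal sequences is refused as a whole. The function names `entry_is_safe` and `safe_extract_zip` are hypothetical, and the sample entry names are constructed.

```php
<?php
// Added illustration; function names are hypothetical, not the plugin's code.

/** Return true only if a ZIP entry name stays inside the extraction root. */
function entry_is_safe(string $name): bool
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;                          // empty name or embedded NUL byte
    }
    $name = str_replace('\\', '/', $name);     // treat Windows separators as separators
    if ($name[0] === '/' || preg_match('#^[A-Za-z]:#', $name)) {
        return false;                          // absolute path or drive letter
    }
    foreach (explode('/', $name) as $segment) {
        if ($segment === '..') {
            return false;                      // parent-directory traversal
        }
    }
    return true;
}

/** Extract $zipPath into $destDir; refuse the whole archive if any entry is unsafe. */
function safe_extract_zip(string $zipPath, string $destDir): void
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException('Cannot open archive');
    }
    try {
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $name = $zip->getNameIndex($i);
            if ($name === false || !entry_is_safe($name)) {
                throw new RuntimeException("Unsafe entry rejected at index $i");
            }
        }
        if (!$zip->extractTo($destDir)) {
            throw new RuntimeException('Extraction failed');
        }
    } finally {
        $zip->close();
    }
}

// Constructed sample entry names, for illustration only.
foreach (['uploads/2026/photo.jpg', '../../shell.php', '/etc/passwd', 'a\\..\\b.php'] as $n) {
    printf("%-24s %s\n", $n, entry_is_safe($n) ? 'ok' : 'rejected');
}
```

Validating names does not stop a well-formed archive from carrying a `.php` file, so the extraction directory should also sit outside the web root or have script execution disabled.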
Recommendations
Versions prior to 0.2.4 should be updated to a newer, fixed version when available.
Fix
RCE
Path traversal
Affected Products
Worry Proof Backup