PT-2026-26714 · WordPress · Keep Backup Daily
San6051
·
Published
2026-03-20
·
Updated
2026-03-21
·
CVE-2026-3339
CVSS v3.1
2.7
Low
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Keep Backup Daily plugin for WordPress versions up to and including 2.1.1
Description
The Keep Backup Daily plugin for WordPress is susceptible to a Limited Path Traversal issue. This is a result of inadequate validation of the
kbd path parameter within the kbd open upload dir AJAX action, where only sanitize text field() is used for sanitization. This insufficient sanitization allows authenticated attackers with Administrator-level access or higher to potentially list the contents of directories outside the intended uploads directory on the server.Recommendations
Versions prior to and including 2.1.1 should be updated.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Keep Backup Daily