PT-2026-41465 · WordPress · Backuprestore

Murat Demirci

·

Published

2026-05-16

·

Updated

2026-05-17

·

CVE-2021-47979

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Backup and Restore version 1.0.3
Description Authenticated attackers can delete arbitrary files from the WordPress installation directory. This is achieved by sending POST requests to the 'admin-ajax.php' endpoint with manipulated file name and folder name parameters.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2021-47979

Affected Products

Backuprestore