Summary
This host is installed with WordPress BackWPup Plugin and is prone to remote PHP code execution vulnerability.
Impact
Successful exploitation will let remote attackers to execute malicious PHP code to in the context of an affected site.
Impact Level: Application/System
Solution
Upgrade BackWPup Wordpress plugin to 1.7.1 or later, For updates refer to http://wordpress.org/extend/plugins/backwpup/
NOTE : Exploit will work properly,
register_globals=On, allow_url_include=On and magic_quotes_gpc=Off
Insight
The flaws are caused by improper validation of user-supplied input to the 'wpabs' parameter in 'wp-content/plugins/backwpup/app/wp_xml_export.php', which allows attackers to execute arbitrary PHP code in the context of an affected site.
Affected
BackWPup Wordpress plugin version 1.6.1, Other versions may also be affected.
References