Description
WordPress Plugin Backup and Restore WordPress-WPBackItUp is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin Backup and Restore WordPress-WPBackItUp version 1.15.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.15.4 or latest
References
http://lenonleite.com.br/en/publish-exploits/plugin-wpbackitup-backup-1-15-3-rce-unlink/
https://plugins.svn.wordpress.org/wp-backitup/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Profiles 'bio-img.php' SQL Injection (2.0RC1)
phpBB CVE-2010-1630 Vulnerability (CVE-2010-1630)
Django Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-19844)
WordPress Plugin WP Database Backup Cross-Site Scripting (5.1.1)
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-13662)