Description
WordPress Plugin BackWPup is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently brute force backup files location. WordPress Plugin BackWPup version 3.4.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.2 or latest
References
Related Vulnerabilities
OpenSSL Out-of-bounds Write Vulnerability (CVE-2017-3737)
WordPress Plugin LearnPress-WordPress LMS Cross-Site Request Forgery (3.2.7.2)
MySQL CVE-2015-4737 Vulnerability (CVE-2015-4737)
SharePoint CVE-2023-36764 Vulnerability (CVE-2023-36764)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-17267)