CVE-2023-7164 BackWPup < 4.0.4 - Unauthenticated Backup Download

2024-04-0817:28:14

WPScan

www.cve.org

backwpup

wordpress

unauthenticated

backup

download

database

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site’s database.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "BackWPup",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.0.4"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]