WordPress BackWPup plugin is prone to a remote and local code execution vulnerability. The input that is passed to the component “wp_xml_export.php” via the “wpabs” variable allows the inclusion and execution of local or remote PHP files as long as a “_nonce” value is known.
Update the plugin to version 1.7.1