Wordpress recent-backups plugin file download vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language. recent-backups is one of the version of the back plugin. A file download vulnerability exists in version v0.7 of the Wordpress recent-backups plugin, which can be exploited by remote...

CVE-2015-1000006

Remote file download vulnerability in recent-backups v0.7 wordpress plugin...

Remote file inclusion

Remote file download vulnerability in recent-backups v0.7 wordpress plugin...

CVE-2015-1000006

CVE-2015-1000006 corresponds to a remote file download vulnerability in the WordPress plugin recent-backups v0.7. Connected sources confirm a file‑download flaw in the plugin, with OpenVAS and WPVulnDB noting directory traversal/file download risk and WPEX exploit notes that download-file.php doe...

WordPress Recent Backups Plugin 0.7 - Arbitrary File Download

Recent Backups plugin is prone to an arbitrary file download vulnerability because "download-file.php" does not verify the user is logged. It allows an attacker to download arbitrary files from the web server and get potentially sensitive information. Solution Update the plugin...

WordPress Recent Backups 0.7 File Download

Title: Remote file download vulnerability in recent-backups v0.7 wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-07-13 Download Site: https://wordpress.org/plugins/recent-backups Vendor: https://profiles.wordpress.org/andycheeseman/ Vendor Notified: 0000-00-00 Vendor Contact:...

recent-backups <= 0.7 - Remote File Download

Plugin is still affected and has been closed. The code in download-file.php does not verify if the user is logged in or sanitize which files can be downloaded. This vulnerability can be used to download sensitive system files, such as the Linux passwd file. $ curl -v...