PHP Remote File Inclusion Vulnerabilities in BackUpWordPress Plugin by WordPress
CVE-2007-5800

Currently unrated

Key Information:

Vendor

Wordpress

Vendor
CVE Published:
3 November 2007

What is CVE-2007-5800?

The BackUpWordPress plugin for WordPress has multiple vulnerabilities that allow attackers to exploit remote file inclusion. These vulnerabilities arise in versions 0.4.2b and earlier, where the malicious injection of a URL into the bkpwp_plugin_path parameter can lead to the execution of arbitrary PHP code in files such as Archive.php, Predicate.php, Writer.php, Reader.php, and other scripts within the plugins/BackUp/Archive/ directory. This can result in severe security risks for websites utilizing this plugin.

References

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
The Cyber Security Vulnerability Database.