PHP Remote File Inclusion Vulnerabilities in BackUpWordPress Plugin by WordPress
CVE-2007-5800

Currently unrated

Key Information:

Vendor: Wordpress
Status: BackupWordPress Plugin
Vendor: CVE Published:; 3 November 2007

Summary

The BackUpWordPress plugin for WordPress has multiple vulnerabilities that allow attackers to exploit remote file inclusion. These vulnerabilities arise in versions 0.4.2b and earlier, where the malicious injection of a URL into the bkpwp_plugin_path parameter can lead to the execution of arbitrary PHP code in files such as Archive.php, Predicate.php, Writer.php, Reader.php, and other scripts within the plugins/BackUp/Archive/ directory. This can result in severe security risks for websites utilizing this plugin.

References

http://osvdb.org/38479

vdb-entryx_refsource_OSVDB

http://wordpress.designpraxis.at/2007/11/01/security-vuln...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2007/3744

vdb-entryx_refsource_VUPEN

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 3, 2007
Vulnerability Reserved
Nov 2, 2007