PHP Remote File Inclusion Vulnerabilities in BackUpWordPress Plugin by WordPress
CVE-2007-5800
Currently unrated
What is CVE-2007-5800?
The BackUpWordPress plugin for WordPress has multiple vulnerabilities that allow attackers to exploit remote file inclusion. These vulnerabilities arise in versions 0.4.2b and earlier, where the malicious injection of a URL into the bkpwp_plugin_path parameter can lead to the execution of arbitrary PHP code in files such as Archive.php, Predicate.php, Writer.php, Reader.php, and other scripts within the plugins/BackUp/Archive/ directory. This can result in severe security risks for websites utilizing this plugin.