PHP Remote File Inclusion Vulnerabilities in BackUpWordPress Plugin by WordPress
CVE-2007-5800

Currently unrated

Key Information:

Vendor: Wordpress
Status: BackupWordPress Plugin
Vendor: CVE Published:; 3 November 2007

What is CVE-2007-5800?

The BackUpWordPress plugin for WordPress has multiple vulnerabilities that allow attackers to exploit remote file inclusion. These vulnerabilities arise in versions 0.4.2b and earlier, where the malicious injection of a URL into the bkpwp_plugin_path parameter can lead to the execution of arbitrary PHP code in files such as Archive.php, Predicate.php, Writer.php, Reader.php, and other scripts within the plugins/BackUp/Archive/ directory. This can result in severe security risks for websites utilizing this plugin.