PHP Remote File Inclusion Vulnerability in BackWPup Plugin for WordPress
CVE-2011-4342

Currently unrated

Key Information:

Vendor: Wordpress
Status: BackWPup
Vendor: CVE Published:; 8 October 2012

Summary

The BackWPup plugin for WordPress is affected by a PHP remote file inclusion vulnerability found in the wp_xml_export.php file. This vulnerability enables remote attackers to execute arbitrary PHP code by injecting a malicious URL into the wpabs parameter. It is critical for users of the BackWPup plugin, especially those running versions prior to 1.7.2, to ensure they apply necessary updates to safeguard their sites from potential exploits.

References

http://wordpress.org/support/topic/plugin-backwpup-remote...

x_refsource_CONFIRM

http://www.osvdb.org/71481

vdb-entryx_refsource_OSVDB

http://www.exploit-db.com/exploits/17056

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 8, 2012