BackUpWordPress Plugin Vulnerable to Directory Traversal
CVE-2024-3034
2.7LOW
What is CVE-2024-3034?
The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the context in which the plugin should allow.
Affected Version(s)
BackUpWordPress * <= 3.13