Browse all 3 CVE security advisories affecting WPBackItUp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WPBackItUp is a WordPress plugin designed for automated website backups and restoration. Historically, it has been vulnerable to multiple security issues including remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from insufficient input validation and improper file handling. The plugin's security record includes three CVEs, with one notable incident allowing unauthenticated attackers to execute arbitrary code through backup file manipulation. These vulnerabilities typically arise from improper access controls and insecure file operations, potentially compromising entire WordPress installations. The plugin's core functionality as a backup tool makes it particularly critical, as security breaches could lead to complete website takeover or data loss.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-43268 | WordPress Backup and Restore WordPress plugin <= 1.50 - Broken Access Control vulnerability — Backup and Restore WordPressCWE-862 | 5.4 | Medium | 2024-11-01 |
| CVE-2024-43270 | WordPress Backup and Restore WordPress plugin <= 1.50 - Unauthenticated Broken Access Control vulnerability — Backup and Restore WordPressCWE-862 | 5.3 | Medium | 2024-11-01 |
| CVE-2024-43269 | WordPress Backup and Restore WordPress plugin <= 1.50 - Cross Site Request Forgery (CSRF) vulnerability — Backup and Restore WordPressCWE-352 | 4.3 | Medium | 2024-08-26 |
This page lists every published CVE security advisory associated with WPBackItUp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.