CVE-2023-5504 : The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versio

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.

Published 2024-01-11 09:15:48

Updated 2024-01-17 19:50:58

Source Wordfence

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2023-5504

Inpsyde » Backwpup » For Wordpress
Versions up to, including, (<=) 4.0.1
cpe:2.3:a:inpsyde:backwpup:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-5504

EPSS FAQ

0.53%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-5504

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.7	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H	2.3	5.8	NIST	2024-01-17
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: High Availability: High
8.7	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H	2.3	5.8	Wordfence	2024-01-11
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: High Availability: High

CWE ids for CVE-2023-5504

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-5504

https://www.wordfence.com/threat-intel/vulnerabilities/id/e830fe1e-1171-46da-8ee7-0a6654153f18?source=cve

BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal
Product;Third Party Advisory
https://plugins.trac.wordpress.org/browser/backwpup/trunk/inc/class-page-settings.php?rev=2818974#L457

429 Too Many Requests
Issue Tracking
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3000176%40backwpup%2Ftrunk&old=2980789%40backwpup%2Ftrunk&sfp_email=&sfph_mail=

429 Too Many Requests
Patch

Jump to

Vulnerability Details : CVE-2023-5504

Products affected by CVE-2023-5504

Exploit prediction scoring system (EPSS) score for CVE-2023-5504

CVSS scores for CVE-2023-5504

CWE ids for CVE-2023-5504

References for CVE-2023-5504