17 Oct Security Advisory – SOS-11-012 – WordPress Plugin – BackWPUp 2.1.4
Release Date: 17-Oct-2011
Last Update: –
Vendor Notification Date: 14-Oct-2011
Affected versions: 2.1.4
Severity Rating: High
Impact: System access
Attack Vector: Remote without authentication
Solution Status: Upgrade to 2.1.5
CVE reference: Not yet assigned
A vulnerability has been discovered in the WordPress plugin BackWPup 2.1.4 which can be exploited to execute local or remote code on the web server.
There is a lack of data validation on the BackWPUpJobTemp POST parameter of job/wp_export_generate.php allowing an attacker to specify FTP resources as input.
This resource is downloaded and deserialised by the wp_export_generate.php script and variables from this deserialisation are later passed to require_once.
Please refer to the PDF version of this advisory for proof of concept code examples.
Upgrade to BackWPUp 2.1.5 of above.
Phil Taylor from Sense of Security Labs.