Summary
The ezpz-one-click-backup plugin for WordPress is prone to remote code execution vulnerability because it fails to properly validate user supplied input.
Impact
An attacker can exploit this issue to execute arbitrary code within the context of the web server.
Solution
Remove this plugin from your WordPress installation.
Insight
Input passed via the 'cmd' parameter in ezpz-archive-cmd.php is not properly sanitized.
Affected
12.03.10 and some earlier versions
Detection
Send a special crafted HTTP GET request and check the response.
References
Updated on 2015-03-25
