Description
WordPress Plugin Backup and Restore WordPress-WPBackItUp is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Backup and Restore WordPress-WPBackItUp version 1.6.7 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.7.0 or the latest version.
References
http://www.estacion-informatica.com/2014/05/wp-backitup-arbitrary-file-deletion.html
http://www.quantika14.com/blog/2014/04/28/wordpressa-rep-1-28-abril-2014/