• WordPress Plugin BackWPup is prone to multiple local file include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. WordPress Plugin BackWPup version 1.5.2 is vulnerable; other versions may also be affected.

• Update to the latest version

• • http://www.securityfocus.com/bid/46610/exploit
  • http://secunia.com/advisories/43508
  • http://secunia.com/advisories/43565

• 

• CWE-22

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

• Missing Update File Inclusion

• WordPress Plugin Site Editor-WordPress Site Builder-Theme Builder and Page Builder Local File Inclusion (1.1.1)
• WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (0.5.26)
• WordPress Plugin WC Duplicate Order Unspecified Vulnerability (1.3)
• WordPress Plugin Bloom eMail Opt-In Security Bypass (1.1)
• WordPress Plugin Master Slider-Responsive Touch Slider Cross-Site Scripting (2.7.1)