Description
WordPress Plugin BackWPup is prone to multiple local file include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. WordPress Plugin BackWPup version 1.5.2 is vulnerable; other versions may also be affected.
Remediation
Update to the latest version
References
Related Vulnerabilities
WordPress Plugin WordPress Facebook SQL Injection (1.0.8)
WordPress Plugin Google Adsense and Hotel Booking Open Proxy (1.0.5)
WordPress Plugin Opal Estate Cross-Site Request Forgery (1.6.11)
Apache error log escape sequence injection vulnerability
WordPress 4.0.x Possible SQL Injection Vulnerability (4.0 - 4.0.19)