WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1)

Description
  • WordPress Plugin BackWPup is prone to a vulnerability which can be exploited to execute local or remote code on the web server. The input passed to the component "wp_xml_export.php" via the "wpabs" variable allows the inclusion and execution of local or remote PHP files as long as a "_nonce" value is known. The "_nonce" value relies on a static constant which is not defined in the script, meaning that it defaults to the value "822728c8d9", so the check does not vary between installations. WordPress Plugin BackWPup version 1.6.1 is vulnerable; other versions may also be affected.
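The bug class described above, as an added illustration that is not BackWPup's own code (the real "wp_xml_export.php" is not reproduced here): a request gate whose nonce is derived from a constant that was never defined, followed by an include of a request-supplied path, next to a hardened form that uses WordPress's real wp_verify_nonce() and resolves "wpabs" against a fixed set of files inside the plugin directory. Function names, the constant name, the action name and the exporter file names are assumptions.

```php
<?php
// Constructed illustration of the weak pattern the advisory describes.
// NOT the plugin's code; names marked "assumed" are hypothetical.

// Weak pattern: BACKWPUP_SALT (assumed name) is never defined. In PHP < 8 an
// undefined constant evaluates to its own name as a string (with a notice),
// so the derived "nonce" is the same on every installation.
function weak_nonce() {
    return substr(md5(BACKWPUP_SALT), 0, 10); // constant, not per-site
}

function weak_handler() {
    if (!isset($_REQUEST['_nonce']) || $_REQUEST['_nonce'] !== weak_nonce()) {
        die('bad nonce');
    }
    // A caller-chosen local path (or a URL when allow_url_include is on)
    // is executed as PHP: this is the local/remote inclusion.
    include $_REQUEST['wpabs'];
}

// Hardened form (assumed function/action names). wp_verify_nonce() ties the
// token to the action, the logged-in user and a server-side secret, and it
// expires, so knowing a fixed string is not enough.
function hardened_handler() {
    if (!current_user_can('manage_options')) {
        wp_die('insufficient privileges');
    }
    $nonce = isset($_REQUEST['_nonce']) ? (string) $_REQUEST['_nonce'] : '';
    if (!wp_verify_nonce($nonce, 'backwpup_xml_export')) { // action name assumed
        wp_die('invalid nonce');
    }
    // Never include a caller-supplied path. Map a short key to files shipped
    // with the plugin so neither a local nor a remote path can be selected.
    $exporters = array(
        'posts' => 'export-posts.php', // assumed file names
        'pages' => 'export-pages.php',
    );
    $key = isset($_REQUEST['wpabs']) ? (string) $_REQUEST['wpabs'] : '';
    if (!array_key_exists($key, $exporters)) {
        wp_die('unknown export type');
    }
    // Belt and braces: confirm the resolved file still lives under the plugin dir.
    $base = __DIR__ . DIRECTORY_SEPARATOR;
    $path = realpath($base . $exporters[$key]);
    if ($path === false || strpos($path, $base) !== 0) {
        wp_die('export script missing');
    }
    require $path;
}
```

The hardened handler also checks a capability, which a nonce alone never provides; in WordPress a nonce proves intent, not authorization.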
Remediation
  • Update to the latest version
References