Description
WordPress Plugin BackWPup is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently brute force backup files location. WordPress Plugin BackWPup version 3.4.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.2 or latest
References
Related Vulnerabilities
WordPress Plugin Product Slider for WooCommerce by PickPlugins Cross-Site Scripting (1.13.41)
WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.7)
Internet Information Services Improper Input Validation Vulnerability (CVE-2000-0258)
WordPress Plugin Booking Package-Appointment Booking Calendar System Cross-Site Scripting (1.5.10)
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2018-20826)