Description
WordPress Plugin Database Backup for WordPress is prone to a directory traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks. WordPress Plugin Database Backup for WordPress version 1.7 is vulnerable; prior versions may also be affected.
Remediation
Update to the latest version
References
http://www.securityfocus.com/bid/19504/exploit
http://www.securityfocus.com/archive/1/443181
http://packetstormsecurity.com/files/view/49285/wordpressTraverse.txt
Related Vulnerabilities
WordPress Plugin SagePay Server Gateway for WooCommerce Cross-Site Scripting (1.0.8)
WordPress Plugin Woocommerce Products Price Bulk Edit Cross-Site Scripting (2.2.0)
WordPress Plugin Share Buttons by AddThis Cross-Site Scripting (5.0.12)
WordPress Plugin WordPress WP-Advanced-Search Remote Code Execution (3.3.3)
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.0)