🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

BackWPup – WordPress Backup Plugin

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > BackWPup – WordPress Backup Plugin

Information

Software Type	Plugin
Software Slug	backwpup (view on wordpress.org)
Software Status	Active
Software Author	wp_media
Software Website	backwpup.com
Software Downloads	14,102,572
Software Active Installs	600,000
Software Record Last Updated	May 9, 2024

7 Vulnerabilities

BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password

2.2

CVE-2023-5775

Feb 23, 2024

Researcher: Stefan Marjanov

BackWPup <= 4.0.3 - Sensitive Information Exposure

7.5

CVE-2023-7164

Dec 18, 2023

Researcher: Dmitrii Ignatyev

BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal

8.7

CVE-2023-5504

Nov 22, 2023

Researcher: Marco Wotschka

BackWPup <= 3.4.1 - Unauthenticated Backup Download

7.5

CVE-2017-2551

Sep 8, 2017

Researcher: Larry W. Cashdollar

BackWPup < 3.0.13 - Cross-Site Scripting

6.1

CVE-2013-4626

Aug 21, 2013

Researcher: High-Tech Bridge Security Research Lab

BackWPup <= 1.7.1 - Remote File Inclusion

9.8

CVE-2011-4342

Mar 28, 2011

Researcher: Phil Taylor - Sense of Security Labs

BackWPup – WordPress Backup Plugin < 1.4.1 - Directory Traversal

7.5

CVE-2011-5208

Mar 2, 2011

Researcher: Danilo Massa

Title	CVE ID	CVSS	Researchers	Date
BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password	CVE-2023-5775	2.2	Stefan Marjanov	February 23, 2024
BackWPup <= 4.0.3 - Sensitive Information Exposure	CVE-2023-7164	7.5	Dmitrii Ignatyev	December 18, 2023
BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal	CVE-2023-5504	8.7	Marco Wotschka	November 22, 2023
BackWPup <= 3.4.1 - Unauthenticated Backup Download	CVE-2017-2551	7.5	Larry W. Cashdollar	September 8, 2017
BackWPup < 3.0.13 - Cross-Site Scripting	CVE-2013-4626	6.1	High-Tech Bridge Security Research Lab	August 21, 2013
BackWPup <= 1.7.1 - Remote File Inclusion	CVE-2011-4342	9.8	Phil Taylor - Sense of Security Labs	March 28, 2011
BackWPup – WordPress Backup Plugin < 1.4.1 - Directory Traversal	CVE-2011-5208	7.5	Danilo Massa	March 2, 2011

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation