Wp_media Backwpup – Wordpress Backup & Restore Plugin
6 CVEs affecting Wp_media Backwpup – Wordpress Backup & Restore Plugin. Latest disclosed: 2026-04-14. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-5504 | High | 8.7 | 2024-01-11 | The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticat… |
CVE-2026-6227 | High | 7.2 | 2026-04-14 | The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST endpoint in… |
CVE-2025-15041 | High | 7.2 | 2026-02-19 | The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation… |
CVE-2023-5505 | Medium | 6.8 | 2024-08-17 | The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows… |
CVE-2025-10579 | Medium | 5.3 | 2025-10-25 | The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ba… |
CVE-2023-5775 | Low | 2.2 | 2024-02-24 | The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to… |