BackWPup – WordPress Backup & Restore Plugin Vulnerability – Authenticated (Administrator+) Directory Traversal – CVE-2023-5505 | WordPress Plugin Vulnerability Report
Plugin Name: BackWPup – WordPress Backup & Restore Plugin
Key Information:
- Software Type: Plugin
- Software Slug: backwpup
- Software Status: Active
- Software Author: wp_media
- Software Downloads: 15,311,423
- Active Installs: 600,000
- Last Updated: August 18, 2024
- Patched Versions: 4.0.2
- Affected Versions: <= 4.0.1
Vulnerability Details:
- Name: BackWPup <= 4.0.1
- Type:
- CVE: CVE-2023-5505
- CVSS Score: 6.8
- Publicly Published: August 16, 2024
- Researcher: Marco Wotschka - Wordfence
- Description: The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This vulnerability allows authenticated attackers with Administrator privileges to store backups in arbitrary folders on the server that can be written to by the server. Additionally, the plugin’s default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run. These files are intended to prevent directory listing and file access, but this also means that an attacker could set the backup directory to the root of another site in a shared environment, potentially disabling that site.
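The root cause described above is a job folder setting that is not confined to the site's own backup location. As an added example (not the plugin's own code, and not a description of the 4.0.2 fix), the following Python audit script shows the containment check that closes this class of bug: each configured folder is canonicalised and must resolve inside an assumed base directory, so both `../` traversal and sibling directories that merely share a name prefix are rejected. The base path, job names and folder values are constructed.

```python
import os
from typing import Dict, List, Optional


def resolve_backup_dir(base_dir: str, job_folder: str) -> Optional[str]:
    """Return the canonical path for job_folder if it lies inside base_dir, else None.

    Relative folders are interpreted relative to base_dir, the way a per-job
    setting would be; absolute folders are taken as given. realpath() also
    resolves any existing symlink components, so a link inside the base that
    points elsewhere on the server is caught as well.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, job_folder))
    try:
        # commonpath compares whole path components, so "/srv/www/site1-other"
        # is NOT treated as being inside "/srv/www/site1" (a plain string
        # prefix check would get this wrong).
        if os.path.commonpath([base, candidate]) != base:
            return None
    except ValueError:
        # Raised for mixed absolute/relative or different-drive paths.
        return None
    return candidate


def audit_jobs(base_dir: str, jobs: Dict[str, str]) -> List[str]:
    """Return the ids of jobs whose backup folder escapes base_dir."""
    return [job_id for job_id, folder in jobs.items()
            if resolve_backup_dir(base_dir, folder) is None]


# Constructed sample: one site's uploads directory and four job settings,
# two of which point outside it (hypothetical paths, not real servers).
SAMPLE_BASE = "/srv/www/site1/wp-content/uploads"
SAMPLE_JOBS = {
    "job-1": "backwpup-1a2b3c-backups",                 # normal, inside base
    "job-2": "../../../../site2/public_html",           # traversal to another site
    "job-3": "/srv/www/site1/wp-content/uploads/nightly",  # absolute, still inside
    "job-4": "/srv/www/site1/wp-content/uploads-old",   # sibling sharing a prefix
}

if __name__ == "__main__":
    for job_id in audit_jobs(SAMPLE_BASE, SAMPLE_JOBS):
        print(f"{job_id}: folder {SAMPLE_JOBS[job_id]!r} escapes {SAMPLE_BASE}")
```

Running the script against the sample reports job-2 and job-4; the same check can be pointed at real settings by replacing the constructed values.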
Summary:
The BackWPup – WordPress Backup & Restore Plugin has a vulnerability in versions up to and including 4.0.1 that allows authenticated users with Administrator privileges to perform directory traversal attacks. This vulnerability could enable attackers to store backups in arbitrary folders on the server, potentially interfering with other sites in a shared hosting environment. This vulnerability has been patched in version 4.0.2.
Detailed Overview:
The BackWPup plugin, which is widely used for backing up and restoring WordPress sites, has been found to have a significant security flaw. The vulnerability, identified as CVE-2023-5505, allows an attacker with Administrator access to manipulate the directory in which backups are stored by exploiting a directory traversal issue. This means that, in a shared hosting environment, an attacker could target another site by setting the backup directory to that site’s root, potentially disabling it by placing an index.php and .htaccess file there.
This issue, discovered by Marco Wotschka from Wordfence, has been rated with a CVSS score of 6.8, indicating a medium to high severity. The fact that it requires Administrator access mitigates the risk to some extent, but the potential impact—particularly in shared environments—makes this a serious concern. Users of BackWPup are strongly advised to update to version 4.0.2, which addresses this vulnerability.
Advice for Users:
- Immediate Action: Update your BackWPup plugin to version 4.0.2 or later as soon as possible to prevent the risk of directory traversal attacks and ensure the security of your site and any other sites on a shared server.
- Check for Signs of Vulnerability: Review the backup directory settings on your site, especially if you suspect unauthorized changes. Also, check for unusual files in critical directories, such as the root of your WordPress installation or other sites in a shared environment.
- Alternate Plugins: While a patch is available, users might consider exploring alternative backup plugins if they are concerned about the plugin's history of vulnerabilities or are looking for additional features.
- Stay Updated: Regularly updating all your WordPress plugins and core installation is crucial for maintaining your site’s security. Consider enabling automatic updates where possible to reduce the risk of future vulnerabilities.
Conclusion:
The prompt response from the BackWPup developers to patch this vulnerability underscores the importance of keeping your plugins updated. In shared hosting environments, even seemingly small vulnerabilities can have significant impacts. Ensuring that you are running version 4.0.2 or later of the BackWPup plugin is crucial to maintaining the security and stability of your WordPress installations. Regular maintenance and staying informed about potential vulnerabilities are essential practices for safeguarding your website.
Detailed Report:
Maintaining the security of your WordPress website is an ongoing responsibility, especially for small business owners who often juggle many tasks at once. Keeping your site’s plugins updated might not always be a top priority, but failing to do so can leave your site exposed to significant security risks. A recent vulnerability discovered in the BackWPup – WordPress Backup & Restore Plugin highlights the critical importance of regular updates and proactive security measures.
This vulnerability, known as CVE-2023-5505, affects versions of the BackWPup plugin up to 4.0.1. It allows authenticated users with Administrator privileges to exploit a directory traversal flaw, enabling them to store backups in arbitrary folders on the server. This issue can be particularly dangerous in shared hosting environments, where an attacker could potentially disrupt other sites by placing backup files in their root directories. With over 600,000 active installs, the potential impact of this vulnerability is significant, making it crucial for all users to take immediate action.
Risks and Potential Impacts of the Vulnerability:
This vulnerability presents significant risks, particularly in shared hosting environments. An attacker with Administrator access could exploit this flaw to manipulate where backups are stored, potentially targeting the root directory of another website on the same server. By placing critical files like index.php and .htaccess in these directories, the attacker could effectively disable the targeted site, leading to downtime, data loss, or other operational disruptions.
The CVSS score of 6.8 reflects the medium to high severity of this issue, considering the potential impacts in a shared environment. While the requirement for Administrator access does mitigate the risk somewhat, the consequences of an exploit could be severe, making it essential to address this vulnerability promptly.
How to Remediate the Vulnerability:
- Immediate Action: Update your BackWPup plugin to version 4.0.2 or later. This update patches the vulnerability, preventing attackers from exploiting the directory traversal flaw.
- Check for Signs of Vulnerability: Review your backup directory settings to ensure they haven’t been tampered with. Also, inspect critical directories, such as the root of your WordPress installation or other sites in a shared environment, for any unusual files that could indicate an attempted attack.
- Consider Alternate Plugins: If you’re concerned about the history of vulnerabilities in BackWPup, you might explore alternative backup solutions that offer similar functionality. Always choose plugins that are regularly updated and have a strong track record of security.
- Stay Updated: Regular updates are crucial for all your WordPress plugins and core installation. Consider enabling automatic updates where possible to reduce the risk of future vulnerabilities and to ensure that your site remains secure.
Overview of Previous Vulnerabilities:
BackWPup has had a total of seven previous vulnerabilities since March 2, 2011. While the developers have been responsive in releasing patches, the recurring nature of these issues underscores the importance of regular updates. Staying informed about the security posture of your plugins and acting quickly when vulnerabilities are disclosed can significantly reduce the risk of your site being compromised.
Conclusion:
For small business owners, managing a WordPress site involves more than just content creation and customer interaction; it also requires a vigilant approach to security. The BackWPup vulnerability is a reminder of how critical it is to keep your plugins updated and your site secure. Regular maintenance and staying informed about potential vulnerabilities are not just best practices—they’re essential to protecting your business’s online presence. If you don’t have the time or expertise to manage these updates yourself, consider partnering with a trusted IT professional who can help ensure your website remains secure and operational.
Staying Secure
Staying on top of WordPress security can feel overwhelming for small business owners without dedicated IT staff. At Your WP Guy, we exist to shoulder that burden for you. Our WordPress experts can fully audit, secure, maintain and support your site - so you can focus on growing your business with peace of mind.
Don't tackle security risks alone. Let us help you assess any impact from this vulnerability, update your plugins, and implement ongoing maintenance to avoid future threats. We treat your website like it's our own - because we know how critical it is for reaching your customers.
Get in touch for a free consultation today on making WordPress security stress-free. Call 678-995-5169 or book a call here. Our knowledgeable team is ready to help you safeguard your online presence.