CVE-2023-7164

Summary

The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database.

Affected Software

VendorProductVersion RangeStatus
UnknownBackWPup0 < 4.0.4affected

Weaknesses

  • CWE-548 Exposure of Information Through Directory Listing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References