BackWPup – WordPress Backup & Restore Plugin — Vulnerabilities & Security Advisories 6

All 6 CVE vulnerabilities found in BackWPup – WordPress Backup & Restore Plugin, with AI-generated Chinese analysis, references, and POCs.

Vendor: wp_media

CVE ID	Title	CVSS	Severity	Paused
CVE-2026-6227	BackWPup <= 5.6.6 - Authenticated (Administrator+) Local File Inclusion via 'block_name' Parameter CWE-22	7.2	High	2026-04-14
CVE-2025-15041	BackWPup <= 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update CWE-862	7.2	High	2026-02-19
CVE-2025-10579	BackWPup <= 5.5.0 - Missing Authorization to Sensitive Information Exposure CWE-862	5.3	Medium	2025-10-25
CVE-2023-5505	BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal CWE-22	6.8	Medium	2024-08-17
CVE-2023-5775	BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password CWE-256	2.2	Low	2024-02-24
CVE-2023-5504	BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal CWE-22	8.7	High	2024-01-11

All 6 known CVE vulnerabilities affecting BackWPup – WordPress Backup & Restore Plugin with full Chinese analysis, references, and POCs where available.

Support Us — Your donation helps us keep running

BackWPup – WordPress Backup & Restore Plugin — Vulnerabilities & Security Advisories 6