CVE-2025-10579 MEDIUM

CVE-2025-10579: BackWPup <= 5.5.0 - Missing Authorization to Sensitive Information Exposure

Vendor Wp_Media
Product BackWPup – WordPress Backup & Restore Plugin
Weakness CWE-862 · Missing authorization
Published October 25, 2025
Last update October 27, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

Description

The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the filename of a backup archive while a backup job is running. This information has little value on its own, but it could aid a brute-force attack to retrieve the backup contents in limited environments (e.g. NGINX, which does not honour Apache .htaccess rules, so a backup directory protected only that way is directly fetchable once the archive name is known).
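The root cause is the WordPress AJAX pattern in which a `wp_ajax_*` hook is reachable by every logged-in user, whatever their role, unless the handler itself checks a capability. The following is an added illustration of that pattern and its fix, not BackWPup's own code: only the action name 'backwpup_working' comes from the advisory; the function names, the option key, the nonce name and the `manage_options` capability are assumptions.

```php
<?php
// Illustrative WordPress AJAX handler (example code, not BackWPup's own).
// Assumed: the job state lives in the option 'example_backwpup_running_job'
// and administrators are identified by the 'manage_options' capability.

// BEFORE: the shape of the weakness the advisory describes. The wp_ajax_ hook
// fires for ANY authenticated user (Subscriber included); with no capability
// check inside, the handler discloses the running job's archive filename.
// It would have been registered as:
//   add_action( 'wp_ajax_backwpup_working', 'example_backwpup_working_vulnerable' );
function example_backwpup_working_vulnerable() {
    $job = get_option( 'example_backwpup_running_job', array() );
    // e.g. array( 'running' => true, 'archive' => 'backwpup_...zip' ) leaks to everyone
    wp_send_json_success( $job );
}

// AFTER: authorize inside the handler. A nonce stops cross-site requests,
// the capability check stops low-privilege accounts, and nothing is echoed
// until both pass. Registering only the fixed handler:
add_action( 'wp_ajax_backwpup_working', 'example_backwpup_working_fixed' );
function example_backwpup_working_fixed() {
    // Rejects the request (HTTP 403) when the 'nonce' field is missing or stale.
    check_ajax_referer( 'example_backwpup_ajax_nonce', 'nonce' );

    // Role-independent capability check; the hook name alone grants no protection.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $job = get_option( 'example_backwpup_running_job', array() );
    wp_send_json_success( $job );
}
```

The check must sit in the handler, not in whatever admin page normally triggers the request: `admin-ajax.php` can be called directly with `action=backwpup_working` by any logged-in account, so the page that embeds the call is not a security boundary.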

Explanation of Vulnerability in Simple Terms

Summary

BackWPup versions up to and including 5.5.0 do not check the caller's capabilities on the 'backwpup_working' AJAX action. Any logged-in user, even a Subscriber, can call it and learn the filename of the backup archive while a backup job is running. The filename alone does not hand over the backup, but on servers where the backup directory is reachable over the web (for example NGINX setups where Apache .htaccess protections do not apply) it removes most of the guesswork needed to download the archive, which is why the confidentiality impact is rated High despite the high attack complexity.

What an attacker can do

Attacker Capabilities

Learn the filename of a backup archive while a backup job is running, without proper authorization, and use it to attempt direct retrieval of the archive in environments where the backup directory is not protected from web access.

Potential impact on your site

Site Impact

The name of an in-progress backup archive is exposed to any authenticated user, not just administrators. If the backup directory is served directly by the web server (NGINX does not honour the .htaccess rules often relied on to block such access), the full backup, including the database dump and wp-config.php, could be downloaded.

Conditions required to exploit

Prerequisites

Attacker needs a low-privilege WordPress user account (Subscriber or higher) on a site running BackWPup 5.5.0 or earlier, and a backup job must be in progress when the action is called; no user interaction is required. Retrieving the archive itself additionally requires a backup directory that is reachable over the web.

Key dates

Disclosure timeline

October 25, 2025 CVE published
October 27, 2025 Record updated