What the vulnerability does
01Description
Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.1.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.1.0.
Explanation of Vulnerability in Simple Terms
WP BackItUp versions 2.1.0 and earlier lack proper authorization checks, allowing unauthenticated attackers to modify site data through network requests. The vulnerability does not expose sensitive information but can alter or disable site functionality. Site administrators should update to a version newer than 2.1.0 when available.
What an attacker can do
Modify or disable site data without logging in.
Potential impact on your site
Attackers can alter backups, restore points, or plugin settings without your permission.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities