Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Worry Proof Backup plugin allows attackers to upload malicious files to your WordPress site
CVE-2026-1311
Summary
The Worry Proof Backup plugin for WordPress has a security issue that allows attackers with Subscriber-level access and above to upload malicious files to your site. This could potentially let an attacker take control of your site. Update to the latest version of the plugin to fix this issue.
Original title
The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated...
Original description
The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path traversal sequences to write arbitrary files anywhere on the server, including executable PHP files. This can lead to remote code execution.
nvd CVSS3.1
8.8
Vulnerability type
CWE-22
Path Traversal
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026