
CVE-2021-47979: WordPress Plugin Backup and Restore allows attackers to delete files

CVE-2021-47979
Summary

An attacker with a WordPress account can delete files from the website's root directory by sending a specially crafted request. This can lead to data loss and potential website downtime. Update the Backup and Restore plugin to the latest version to fix this issue.

Original title
WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attacker...
Original description
WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted file_name and folder_name parameters to delete arbitrary files from the WordPress installation directory.
NVD CVSS 3.1: 8.8
NVD CVSS 4.0: 8.7
Vulnerability type
CWE-22 Path Traversal
Published: 16 May 2026 · Updated: 28 May 2026 · First seen: 16 May 2026
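The description above comes down to a delete handler that builds a path from the request's folder_name and file_name values without confining it. The following is an added example, not the plugin's code: a containment check a handler of this kind could run before deleting anything. The function name, directory layout and sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example: confine a delete target built from folder_name and
// file_name to one base directory. All names below are hypothetical.
// A WordPress AJAX handler would also verify a nonce and a capability
// (check_ajax_referer(), current_user_can()) before calling this.

function resolve_backup_target(string $baseDir, string $folderName, string $fileName): ?string
{
    // Each parameter must be one plain path component.
    foreach ([$folderName, $fileName] as $part) {
        if ($part === '' || $part === '.' || $part === '..'
            || strpbrk($part, "/\\") !== false
            || strpos($part, "\0") !== false) {
            return null;
        }
    }
    // Canonicalise both sides so symlinks and dot segments are resolved.
    $base = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $folderName
        . DIRECTORY_SEPARATOR . $fileName);
    if ($base === false || $target === false) {
        return null; // base or target does not exist
    }
    // The trailing separator stops "/backups-old" from matching "/backups".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($target) ? $target : null;
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . '/containment-demo-' . bin2hex(random_bytes(4));
mkdir("$root/backups/site-2021", 0700, true);
file_put_contents("$root/backups/site-2021/db.sql", "-- constructed\n");
file_put_contents("$root/keep-me.txt", "constructed file outside backups\n");

$cases = [
    ['site-2021', 'db.sql'],             // file inside the backup directory
    ['..', 'keep-me.txt'],               // folder_name points at the parent
    ['site-2021', '../../keep-me.txt'],  // file_name carries separators
];
foreach ($cases as [$folder, $file]) {
    $path = resolve_backup_target("$root/backups", $folder, $file);
    printf("%-10s %-20s => %s\n", $folder, $file, $path === null ? 'rejected' : 'allowed');
}
```

Only the first case resolves to a path; the other two are rejected before any filesystem call that could remove a file.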