Impact
WordPress Simple-Backup 2.7.11 allows an attacker to delete and download arbitrary files by manipulating the delete_backup_file and download_backup_file parameters in tools.php. The plugin fails to properly validate user input, enabling directory traversal that can target critical files such as wp-config.php, database dumps, or .htaccess. These weaknesses allow unauthenticated attackers to compromise the confidentiality, integrity, and availability of the WordPress installation, potentially exposing sensitive data or disabling essential security controls.
Affected Systems
The vulnerability affects the ChrisHurst Simple Backup plugin for WordPress, specifically version 2.7.11. No other affected versions are listed in the CNA data.
Risk and Exploitability
With a CVSS score of 8.7, this issue is considered high severity. The EPSS score is < 1%, indicating a very low but nonzero probability of exploitation, and the plugin does not enforce authentication. Based on the description, it is inferred that an attacker can target the publicly exposed tools.php endpoint using unauthenticated HTTP requests with crafted delete_backup_file or download_backup_file parameters to trigger directory traversal. An attacker can simply request the vulnerable URL with crafted parameters from any network location that can reach the WordPress site, making the risk immediate for unpatched deployments.
OpenCVE Enrichment