Description
The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with `sanitize_text_field()` - a function that does not strip path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to list the contents of arbitrary directories on the server outside of the intended uploads directory.
Published: 2026-03-20
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Directory Traversal – information disclosure
Action: Apply Patch
AI Analysis

Impact

The Keep Backup Daily plugin for WordPress allows an authenticated attacker with Administrator-level or higher privileges to supply an arbitrary directory path to the `kbd_open_upload_dir` AJAX action. Because the `kbd_path` parameter is only sanitized with a function that does not remove path traversal sequences, the plugin can list the contents of directories outside its designated uploads folder. This vulnerability can disclose the names and layout of sensitive files and configuration data, but does not grant code execution or arbitrary file writing. The weakness corresponds to CWE-22, a classic directory traversal flaw.
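As an added illustration (not the plugin's code; the function, action and nonce names below are hypothetical, while the WordPress API calls are real), a hardened form of the pattern the description criticises: `sanitize_text_field()` strips tags and control characters but leaves `../` segments intact, so the supplied path must additionally be canonicalised with `realpath()` and checked to lie under the uploads base directory returned by `wp_upload_dir()`.

```php
<?php
// Added example, not the plugin's code. Function, action and nonce names are
// hypothetical; WordPress API calls (sanitize_text_field, wp_upload_dir,
// check_ajax_referer, current_user_can, wp_send_json_*) are real.

/**
 * Resolve $requested relative to $base and return the canonical path only
 * if it stays inside $base; return null otherwise.
 */
function kbd_example_resolve_within( string $base, string $requested ): ?string {
    $real_base = realpath( $base );
    if ( false === $real_base ) {
        return null;
    }
    // Treat the input as relative to the base; strip leading separators so an
    // absolute path cannot bypass the base by being used on its own.
    $candidate = $real_base . DIRECTORY_SEPARATOR . ltrim( $requested, '/\\' );
    // realpath() collapses "." and ".." and resolves symlinks; a path that
    // does not exist yields false and is rejected as well.
    $real = realpath( $candidate );
    if ( false === $real ) {
        return null;
    }
    $prefix = rtrim( $real_base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    // Compare with a trailing separator so "uploads2" does not match "uploads".
    if ( $real !== $real_base && 0 !== strncmp( $real, $prefix, strlen( $prefix ) ) ) {
        return null;
    }
    return $real;
}

add_action( 'wp_ajax_kbd_example_open_upload_dir', function () {
    check_ajax_referer( 'kbd_example_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // sanitize_text_field() removes tags and control characters but leaves
    // "../" segments intact, so by itself it is not a traversal check.
    $requested = sanitize_text_field( wp_unslash( $_POST['kbd_path'] ?? '' ) );

    $uploads = wp_upload_dir();
    $dir     = kbd_example_resolve_within( $uploads['basedir'], $requested );
    if ( null === $dir ) {
        wp_send_json_error( 'path is outside the uploads directory', 400 );
    }
    $entries = array_values( array_diff( scandir( $dir ), array( '.', '..' ) ) );
    wp_send_json_success( array( 'dir' => $dir, 'entries' => $entries ) );
} );
```

Because the containment check runs on the canonical path, symlinks inside the uploads tree that point elsewhere are rejected too, which is the behaviour a backup plugin normally wants.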

Affected Systems

This flaw affects every installation of Keep Backup Daily up to and including version 2.1.1. WordPress sites that still run a vulnerable version of the plugin are at risk. Users with Administrator-level or higher privileges can trigger the flaw by sending a request to the `kbd_open_upload_dir` AJAX endpoint.

Risk and Exploitability

Although the CVSS score is only 2.7, indicating low severity, the attack requires nothing beyond an authenticated account, albeit one with Administrator-level privileges. The traversal is performed remotely through ordinary HTTP requests, so the attack vector is network-based. No publicly available exploits were identified in the data, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. Nevertheless, because any site administrator or higher can obtain directory listings from the server, administrators should treat the issue as a medium risk to confidentiality.

Generated by OpenCVE AI on March 21, 2026 at 07:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Keep Backup Daily to the latest version that removes the vulnerability
  • If an upgrade is not immediately possible, disable or remove the `kbd_open_upload_dir` AJAX action from the plugin
  • Restrict Administrator roles or enforce least-privilege policies so that only trusted users can invoke the action
  • Apply file-system permissions that prevent web-accessible directories from exposing sensitive files
  • Monitor web logs for attempts to access the `kbd_path` parameter with traversal characters

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 14:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Type: First Time appeared
Values Added: Fahadmahmood; Fahadmahmood keep Backup Daily; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Added: Fahadmahmood; Fahadmahmood keep Backup Daily; Wordpress; Wordpress wordpress

Sat, 21 Mar 2026 05:30:00 +0000

Type: Description
Values Added: The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with `sanitize_text_field()` - a function that does not strip path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to list the contents of arbitrary directories on the server outside of the intended uploads directory.

Type: Title
Values Added: Keep Backup Daily <= 2.1.1 - Authenticated (Admin+) Limited Path Traversal via 'kbd_path' Parameter

Type: Weaknesses
Values Added: CWE-22

Type: References
Values Added: (blank)

Type: Metrics
Values Added: cvssV3_1 {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}


Subscriptions

Fahadmahmood Keep Backup Daily
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:32:34.130Z

Reserved: 2026-02-27T15:17:08.862Z

Link: CVE-2026-3339

Vulnrichment

Updated: 2026-03-24T13:39:25.743Z

NVD

Status: Deferred

Published: 2026-03-21T00:16:27.627

Modified: 2026-04-22T21:32:08.360

Link: CVE-2026-3339

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:33:42Z

Weaknesses