CVE-2015-10134

7.5 HIGH

📋 TL;DR

The Simple Backup WordPress plugin allows attackers to download any file from the server without authentication due to missing security checks. This affects WordPress sites using Simple Backup versions 2.7.10 and earlier. Attackers can steal sensitive configuration files and other critical data.

💻 Affected Systems

Products:
  • Simple Backup WordPress Plugin
Versions: Up to and including 2.7.10
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the Simple Backup plugin installed and activated.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise via database credentials theft from wp-config.php, leading to data exfiltration, site defacement, or ransomware deployment.

🟠 Likely Case

Database credentials and other sensitive configuration data stolen, potentially leading to database compromise and site takeover.

🟢 If Mitigated

Limited impact if proper file permissions and web server configurations prevent access to critical files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires no authentication. Attackers can directly request backup files via crafted URLs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.11 or later

Vendor Advisory: https://wordpress.org/plugins/simple-backup/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Simple Backup and click 'Update Now'.
4. Verify the version is 2.7.11 or higher.

🔧 Temporary Workarounds

Disable Simple Backup Plugin

Platform: all

Temporarily disable the vulnerable plugin until patched.

wp plugin deactivate simple-backup

Restrict Access via .htaccess

Platform: linux

Block access to the plugin's PHP files with a mod_rewrite rule. The pattern is matched relative to the directory that holds the .htaccess, so this assumes the file sits in the WordPress document root.

<IfModule mod_rewrite.c>
RewriteEngine On
# Return 403 Forbidden for every PHP file under the plugin directory,
# including the download endpoint, until the plugin is updated.
RewriteRule ^wp-content/plugins/simple-backup/.*\.php$ - [F,L]
</IfModule>

🧯 If You Can't Patch

  • Remove the Simple Backup plugin completely from the WordPress installation.
  • Implement web application firewall rules to block requests to the vulnerable download_backup_file endpoint.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Simple Backup version. If version is 2.7.10 or lower, you are vulnerable.

Check Version:

wp plugin get simple-backup --field=version

Verify Fix Applied:

Verify Simple Backup plugin version is 2.7.11 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /wp-content/plugins/simple-backup/download_backup_file.php with file parameter
  • Unusual file downloads from backup directories

Network Indicators:

  • GET requests for wp-config.php or other sensitive files from plugin paths

SIEM Query:

url:*/wp-content/plugins/simple-backup/download_backup_file.php* AND (file:*wp-config* OR file:*config*)
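The SIEM query above can be reproduced against raw access logs when no SIEM is available. The script below is an added example and is not part of the original advisory: it assumes Apache/nginx "combined" log format, uses the endpoint path and file-parameter indicators listed on this page, and additionally flags path-traversal sequences (../ and its percent-encoded forms) in the file parameter. It also records whether the request was blocked (HTTP 403), which is what the .htaccess workaround produces. The sample log lines are constructed for illustration.

```python
"""Flag access-log lines matching the CVE-2015-10134 indicators on this page.

Added example, not code from the advisory or the plugin. Assumes combined log
format; the endpoint path and ``file`` parameter come from the page's own
log indicators. The sample log below is constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format: host ident user [time] "METHOD target HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

VULN_PATH = "/wp-content/plugins/simple-backup/download_backup_file.php"
# File names the advisory calls out, plus traversal sequences (literal and
# percent-encoded) that an arbitrary-file-download request would carry.
SENSITIVE_FILE = re.compile(r"wp-config|config", re.IGNORECASE)
TRAVERSAL = re.compile(r"(\.\./|\.\.\\|%2e%2e)", re.IGNORECASE)

# Constructed sample: two traversal attempts (one percent-encoded), one
# unrelated login request, and one ordinary-looking download from the endpoint.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /wp-content/plugins/simple-backup/download_backup_file.php?file=../../../wp-config.php HTTP/1.1" 200 3120 "-" "curl/7.88.1"
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /wp-content/plugins/simple-backup/download_backup_file.php?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 403 199 "-" "curl/7.88.1"
198.51.100.4 - - [10/Mar/2024:12:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 5231 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:12:00:04 +0000] "GET /wp-content/plugins/simple-backup/download_backup_file.php?file=backup-2024-03-10.zip HTTP/1.1" 200 8814 "-" "Mozilla/5.0"
"""


def classify(line):
    """Return a finding dict for a request to the vulnerable endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # endswith() tolerates WordPress installed in a sub-directory.
    if not unquote(parts.path).endswith(VULN_PATH):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    # parse_qs decodes once; decode again so double-encoded traversal is caught.
    files = [unquote(v) for v in params.get("file", [])]
    reasons = set()
    for value in files:
        if SENSITIVE_FILE.search(value):
            reasons.add("sensitive file requested")
        if TRAVERSAL.search(value):
            reasons.add("path traversal in file parameter")
    if not reasons:
        # Endpoint reached without a suspicious file value: still worth a
        # record for an unauthenticated, weaponized CVE, at lower severity.
        reasons.add("download endpoint accessed")
    status = int(m.group("status"))
    return {
        "host": m.group("host"),
        "time": m.group("time"),
        "status": status,
        "blocked": status == 403,  # what the .htaccess workaround returns
        "file": files,
        "reasons": sorted(reasons),
    }


def scan(log_text):
    """Run classify() over every line and return findings in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Run the script as-is to see the three findings from the constructed log; feed a real access log to scan() to triage a site. Requests with status 200 and a sensitive or traversal file value are the ones to treat as confirmed exfiltration.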
