CVE-2023-7164

7.5 HIGH

📋 TL;DR

The BackWPup WordPress plugin before version 4.0.4 fails to prevent directory listing in its temporary backup folder, allowing unauthenticated attackers to download site database backups. This affects all WordPress sites using vulnerable versions of the BackWPup plugin.

💻 Affected Systems

Products:
  • BackWPup WordPress Plugin
Versions: All versions before 4.0.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress installations with BackWPup plugin installed and active.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers download complete database backups containing sensitive data like user credentials, personal information, and site configuration, leading to data breach and potential site compromise.

🟠 Likely Case

Attackers access and download database backups containing user data, potentially leading to credential theft and privacy violations.

🟢 If Mitigated

With proper access controls, attackers cannot enumerate or access backup files, preventing data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web access to the vulnerable directory path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.4

Vendor Advisory: https://wpscan.com/vulnerability/79b07f37-2c6b-4846-bb28-91a1e5bf112e/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find BackWPup and update to version 4.0.4 or later.
4. Verify the update completes successfully.

🔧 Temporary Workarounds

Restrict Directory Access

Add an .htaccess file to the temporary backup folder that disables directory indexes and denies all web access to its contents. This only takes effect on Apache with AllowOverride enabled for that path; nginx does not read .htaccess files, so the equivalent deny rule must be placed in the server block there.

# Apache 2.4 syntax; on Apache 2.2 use "Deny from all" in place of "Require all denied"
printf 'Options -Indexes\nRequire all denied\n' > /path/to/backwpup-temp-folder/.htaccess

🧯 If You Can't Patch

  • Disable the BackWPup plugin immediately
  • Implement web application firewall rules to block access to backup directory paths

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel for the installed BackWPup plugin version. If it is below 4.0.4, the site is vulnerable.

Check Version:

wp plugin list --name=backwpup --field=version

Verify Fix Applied:

Confirm BackWPup plugin version is 4.0.4 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /wp-content/uploads/backwpup-* directories
  • Multiple failed or successful attempts to access backup files

Network Indicators:

  • HTTP requests to backup file paths from unauthorized IPs
  • Large downloads of .sql or .gz files from backup directories

SIEM Query:

source="web_server" AND (uri="/wp-content/uploads/backwpup-*" OR uri LIKE "%.sql" OR uri LIKE "%.gz")
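As an added defender-side example (not part of this advisory or of BackWPup), the following Python applies the Log Indicators and SIEM Query above to constructed web-server access-log lines in combined format. The folder names, client IPs and sizes are made up, and the .zip/.tar extensions are an assumption beyond the .sql/.gz named on the page.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic); folder hashes, IPs, sizes are made up.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2024:12:00:01 +0000] "GET /wp-content/uploads/backwpup-a1b2c3-temp/ HTTP/1.1" 200 4821 "-" "curl/8.4.0"
203.0.113.10 - - [10/Jan/2024:12:00:05 +0000] "GET /wp-content/uploads/backwpup-a1b2c3-temp/backwpup_2024-01-09_db.sql.gz HTTP/1.1" 200 52428800 "-" "curl/8.4.0"
198.51.100.7 - - [10/Jan/2024:12:01:10 +0000] "GET /wp-content/uploads/2024/01/logo.png HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Jan/2024:12:02:00 +0000] "GET /wp-content/uploads/backwpup-zzz-temp/ HTTP/1.1" 403 199 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

BACKUP_DIR = "/wp-content/uploads/backwpup-"  # prefix from the advisory's Log Indicators
# .sql and .gz come from the advisory; .zip and .tar are an assumption (other archive formats).
ARCHIVE_EXT = (".sql", ".gz", ".zip", ".tar")

def classify(line):
    """Return a finding dict for one log line that touches a BackWPup folder, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = urlparse(m["target"]).path  # strip any query string before matching
    if not path.startswith(BACKUP_DIR):
        return None
    status = int(m["status"])
    size = 0 if m["size"] == "-" else int(m["size"])
    if path.endswith("/") and status == 200:
        kind = "directory-listing"   # 200 on the folder itself: an index page was served
    elif path.lower().endswith(ARCHIVE_EXT) and status == 200:
        kind = "backup-download"     # an archive left the server; compare size with real backups
    elif status in (403, 404):
        kind = "blocked-probe"       # deny rule held, but the folder is still being looked at
    else:
        kind = "backup-path-access"
    return {"ip": m["ip"], "path": path, "status": status, "size": size, "kind": kind}

def scan(log_text):
    """Classify every line, dropping unparseable lines and paths outside the backup folder."""
    return [f for f in map(classify, log_text.splitlines()) if f]

def by_source(findings):
    """Count findings per client IP so repeated attempts (Log Indicators, item 2) stand out."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts
```

On a hardened site every hit should classify as blocked-probe; a directory-listing or backup-download finding after the fix means the deny rule is not being applied to that folder.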
