CVE-2026-1311
📋 TL;DR
The Worry Proof Backup WordPress plugin contains a path traversal vulnerability that allows authenticated attackers with Subscriber-level access or higher to upload malicious ZIP archives containing path traversal sequences. This enables arbitrary file writes anywhere on the server, potentially leading to remote code execution via PHP file uploads. All WordPress sites using this plugin up to version 0.2.4 are affected.
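The archive-entry check that a safe ZIP extractor performs before writing anything, as an added Python example (not the plugin's code): every member name is resolved against the intended backup directory, and any member that would land outside it through `..` sequences or an absolute path is reported. The sample archive, destination path and member names are constructed for the demonstration.

```python
import io
import os
import zipfile


def escaping_entries(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Return the names of archive members that would be written outside dest_dir.

    Each member name is normalised and joined onto the destination; a result
    that does not stay under dest_dir (via '..', a leading slash, or a drive
    prefix) is flagged. Nothing is extracted, so this is safe to run on an
    untrusted upload before deciding whether to unpack it.
    """
    base = os.path.realpath(dest_dir)
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            # Absolute paths and Windows drive prefixes never belong in a backup.
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                flagged.append(info.filename)
                continue
            target = os.path.realpath(os.path.join(base, name))
            if os.path.commonpath([base, target]) != base:
                flagged.append(info.filename)
    return flagged


def build_sample_archive() -> bytes:
    """Constructed archive: one legitimate member plus two traversal members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("backup/database.sql", "-- constructed sample dump\n")
        zf.writestr("../../../constructed.php", "<?php /* constructed placeholder */")
        zf.writestr("/etc/cron.d/constructed", "# constructed placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical destination; the check only needs a path, not a real directory.
    for name in escaping_entries(build_sample_archive(), "/var/www/html/wp-content/backups"):
        print("rejected archive member:", name)
```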
💻 Affected Systems
- Worry Proof Backup WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through remote code execution, data exfiltration, website defacement, and lateral movement to other systems.
Likely Case
Website takeover, malware injection, credential theft, and data manipulation.
If Mitigated
Limited impact if proper file permissions, web application firewalls, and monitoring are in place.
🎯 Exploit Status
Exploitation requires authenticated access but only at Subscriber level, which is the lowest WordPress user role. The vulnerability is well-documented with public references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.2.5 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/worry-proof-backup/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Worry Proof Backup' and update to version 0.2.5 or later.
4. If no update is available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Disable Plugin
Deactivate the Worry Proof Backup plugin to remove the vulnerable functionality.
wp plugin deactivate worry-proof-backup
Restrict File Uploads
Implement web application firewall rules to block ZIP file uploads to the vulnerable endpoint.
🧯 If You Can't Patch
- Remove Subscriber-level and higher user accounts you do not need, or restrict their capabilities
- Implement strict file system permissions to prevent PHP execution in writable directories
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Worry Proof Backup version 0.2.4 or earlier.
Check Version:
wp plugin list --name=worry-proof-backup --field=version
Verify Fix Applied:
Verify plugin version is 0.2.5 or later in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual ZIP file uploads to /wp-content/plugins/worry-proof-backup/inc/libs/upload-backup.php
- Multiple failed authentication attempts followed by successful login and file upload
- PHP file creation in unexpected directories
Network Indicators:
- POST requests to upload-backup.php with ZIP files
- Unusual outbound connections from web server after file upload
SIEM Query:
source="web_logs" AND uri="/wp-content/plugins/worry-proof-backup/inc/libs/upload-backup.php" AND method="POST" AND file_extension="zip"
🔗 References
- https://plugins.trac.wordpress.org/browser/worry-proof-backup/tags/0.2.4/inc/libs/upload-backup.php#L97
- https://plugins.trac.wordpress.org/browser/worry-proof-backup/trunk/inc/libs/upload-backup.php#L97
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3ffd6ce0-2536-43a5-9925-438bc653d0e5?source=cve