Can you explain this vulnerability to me?

This vulnerability in the Backuply WordPress plugin allows authenticated users with Administrator-level access or higher to delete arbitrary files on the server due to insufficient validation of file paths in the delete backup functionality. This means an attacker can delete critical files, such as wp-config.php, potentially leading to remote code execution.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

If exploited, this vulnerability can allow an attacker with admin access to delete important files on your server, which can disrupt your website's operation and potentially allow the attacker to execute malicious code remotely by deleting specific files like wp-config.php.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves checking if the Backuply plugin version is 1.4.8 or earlier, as these versions are vulnerable. You can verify the plugin version installed on your WordPress site by running the following WP-CLI command: `wp plugin list --status=active` and look for Backuply's version. Additionally, monitoring for unusual file deletion activities on the server, especially deletion of critical files like wp-config.php, may indicate exploitation attempts. There are no specific network commands provided for direct detection of this vulnerability. [1]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update the Backuply plugin to version 1.4.9 or later, which includes improved input sanitization and fixes the arbitrary file deletion vulnerability. Until the update is applied, restrict Administrator-level access to trusted users only, and monitor backup deletion activities closely. Applying the update can be done via the WordPress admin dashboard or using WP-CLI with the command: `wp plugin update backuply`. [1]

Useful 0 Not Useful 0