CVE-2026-1311
Awaiting Analysis Awaiting Analysis - Queue

BaseFortify

Vulnerability report for CVE-2026-1311, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-26

Last updated on: 2026-02-27

Assigner: Wordfence

Description

The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path traversal sequences to write arbitrary files anywhere on the server, including executable PHP files. This can lead to remote code execution.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-26
Last Modified
2026-02-27
Generated
2026-07-06
AI Q&A
2026-02-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-1311 is a vulnerability in the WordPress plugin "Worry Proof Backup" affecting all versions up to and including 0.2.4. It arises from the backup upload functionality where authenticated users with Subscriber-level access or higher can upload a malicious ZIP archive containing path traversal sequences.'}, {'type': 'paragraph', 'content': 'Due to insufficient validation or sanitization of ZIP file contents during extraction, the plugin may write files outside the intended backup directory. This allows attackers to write arbitrary files anywhere on the server, including executable PHP files, potentially leading to remote code execution.'}] [3]

Impact Analysis

This vulnerability can have severe impacts including unauthorized file writes on the server hosting the WordPress site.

  • An attacker with Subscriber-level access can upload a crafted ZIP file to write arbitrary files anywhere on the server.
  • Malicious files, such as executable PHP scripts, can be placed on the server, enabling remote code execution.
  • Remote code execution can lead to full compromise of the server, data theft, defacement, or further attacks.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "Detection of this vulnerability involves monitoring for suspicious uploads of ZIP files to the WordPress plugin's backup upload functionality, especially from authenticated users with Subscriber-level access or higher."}, {'type': 'paragraph', 'content': 'Since the vulnerability allows uploading ZIP archives with path traversal sequences, you can look for ZIP files containing entries with directory traversal patterns (e.g., ../) in the upload directories.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect potential exploitation attempts include:'}, {'type': 'list_item', 'content': "On the server, search for ZIP files uploaded to the backup directory: `find wp-content/uploads/worry-proof-backup/ -name '*.zip'`"}, {'type': 'list_item', 'content': "Inspect ZIP file contents for path traversal entries using unzip or zipinfo: `unzip -l suspicious.zip | grep '\\.\\./'` or `zipinfo suspicious.zip | grep '\\.\\./'`"}, {'type': 'list_item', 'content': 'Check web server logs for POST requests to the backup upload endpoint from authenticated users.'}, {'type': 'list_item', 'content': 'Monitor for unexpected PHP files or other suspicious files outside the intended backup directory, which may indicate exploitation.'}] [1, 3]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include:'}, {'type': 'list_item', 'content': "Disable or restrict access to the Worry Proof Backup plugin's backup upload functionality, especially for users with Subscriber-level access."}, {'type': 'list_item', 'content': 'Update the plugin to a version that patches this vulnerability once available.'}, {'type': 'list_item', 'content': 'Manually inspect and remove any suspicious files or ZIP archives uploaded to the backup directories.'}, {'type': 'list_item', 'content': 'Implement additional server-side validation or filtering to block ZIP files containing path traversal sequences.'}, {'type': 'list_item', 'content': 'Restrict file permissions on the WordPress uploads directory to prevent execution of uploaded PHP files.'}] [1, 3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1311. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart