CVE-2026-1311
BaseFortify
Publication date: 2026-02-26
Last updated on: 2026-02-27
Assigner: Wordfence
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1311 is a vulnerability in the WordPress plugin "Worry Proof Backup" affecting all versions up to and including 0.2.4. It arises in the backup upload functionality: authenticated users with Subscriber-level access or higher can upload a malicious ZIP archive whose entry names contain path traversal sequences.

Because the plugin does not sufficiently validate or sanitize the archive's entry names during extraction, it can write files outside the intended backup directory. This lets an attacker write arbitrary files to any location the web server process can write to, including executable PHP files, which can lead to remote code execution. [3]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized file writes on the server hosting the WordPress site.
- An attacker with Subscriber-level access can upload a crafted ZIP file to write arbitrary files anywhere on the server.
- Malicious files, such as executable PHP scripts, can be placed on the server, enabling remote code execution.
- Remote code execution can lead to full compromise of the server, data theft, defacement, or further attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for suspicious ZIP uploads to the plugin's backup upload functionality, especially from authenticated users with Subscriber-level access or higher.

Since the vulnerability relies on ZIP archives whose entry names contain path traversal sequences, look for archives in the upload directories whose entries contain directory traversal patterns such as `../` (and the backslash form `..\`, which some extractors also treat as a separator).

Suggested commands to detect potential exploitation attempts:

- On the server, search for ZIP files uploaded to the backup directory (the path below is the one this answer assumes; confirm it against your installation): `find wp-content/uploads/worry-proof-backup/ -name '*.zip'`
- Inspect each archive's entry names for traversal components with unzip or zipinfo: `unzip -l suspicious.zip | grep '\.\./'` or `zipinfo suspicious.zip | grep '\.\./'`
- Check web server logs for POST requests to the backup upload endpoint from authenticated users.
- Monitor for unexpected PHP files or other suspicious files outside the intended backup directory, which may indicate exploitation.

[1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

- Disable or restrict access to the Worry Proof Backup plugin's backup upload functionality, especially for users with Subscriber-level access.
- Update the plugin to a version that patches this vulnerability once available.
- Manually inspect and remove any suspicious files or ZIP archives uploaded to the backup directories, and any files they may already have written elsewhere.
- Implement additional server-side validation that rejects ZIP archives containing entries with path traversal sequences, absolute paths, or drive letters before anything is extracted.
- Disable PHP execution in the WordPress uploads directory at the web server level; file permissions alone do not stop the PHP interpreter from running a file the web server user can read.

[1, 3]
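The detection answer and the mitigation answer above both hinge on the same check: whether a ZIP entry name can resolve outside the extraction directory. The following Python is an added example written for this page, not code from Worry Proof Backup or from the advisory. It scans an archive for such entries (the check the `unzip -l | grep` command approximates) and extracts an archive while refusing every unsafe entry (the server-side validation the mitigation list calls for). The sample archive, its entry names, the placeholder file contents and the temporary destination directory are constructed for the demo and are assumptions; so is the premise that the vulnerable plugin uses entry names verbatim.

```python
import io
import os
import tempfile
import zipfile

# Added example for this page (not Worry Proof Backup code): flag ZIP entry
# names that could escape the extraction directory (CWE-22, "Zip Slip"),
# and extract an archive while refusing every such entry.


def is_traversal_entry(name: str) -> bool:
    """True if a raw ZIP entry name could resolve outside the target directory."""
    n = name.replace("\\", "/")            # some extractors honour backslashes
    if n.startswith("/"):                  # absolute POSIX path
        return True
    if len(n) >= 2 and n[1] == ":":        # Windows drive letter, e.g. C:/...
        return True
    return ".." in n.split("/")            # any parent-directory component


def find_traversal_entries(zip_bytes: bytes) -> list[str]:
    """Return every entry name in the archive that fails is_traversal_entry."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if is_traversal_entry(n)]


def safe_extract(zip_bytes: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Extract only entries whose resolved path stays under dest.

    Returns (extracted, refused).  Besides the name check, the final path is
    resolved with realpath, so a symlink already present under dest cannot
    redirect a write outside it.
    """
    dest_real = os.path.realpath(dest)
    extracted, refused = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            rel = info.filename.replace("\\", "/")
            target = os.path.realpath(os.path.join(dest_real, rel))
            if is_traversal_entry(info.filename) or not target.startswith(dest_real + os.sep):
                refused.append(info.filename)
                continue
            if rel.endswith("/"):
                os.makedirs(target, exist_ok=True)   # directory entry
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as fh:
                    fh.write(zf.read(info))
            extracted.append(info.filename)
    return extracted, refused


def build_sample_archive() -> bytes:
    """Constructed sample upload (not a real one): one benign entry plus
    several hostile entry names of the kind the advisory describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("backup/db.sql", "-- harmless dump\n")
        zf.writestr("../../evil.php", "placeholder text, not a webshell")
        zf.writestr("backup/../../x.txt", "x")
        zf.writestr("/tmp/abs.txt", "abs")
        zf.writestr("..\\..\\win.php", "placeholder text")
    return buf.getvalue()


def run_demo() -> dict:
    """Scan the constructed sample, then extract it into a fresh temp dir."""
    data = build_sample_archive()
    dest = tempfile.mkdtemp(prefix="wpb-scan-")   # assumed destination
    extracted, refused = safe_extract(data, dest)
    return {
        "flagged": find_traversal_entries(data),
        "extracted": extracted,
        "refused": refused,
        "dest_listing": sorted(os.listdir(dest)),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running the demo flags the four hostile entries, extracts only `backup/db.sql`, and leaves nothing but a `backup` directory under the destination. The name check alone is what a log-side or upload-side scanner needs; the realpath check is the one to keep in the extraction path, because it judges where the write would actually land rather than what the name looks like.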