Cyan Backup WordPress Plugin Arbitrary File Deletion Vulnerability

A vulnerability allowing arbitrary file deletion has been identified in the CYAN Backup plugin for WordPress, affecting all versions through 2.5.4. This issue arises from inadequate validation of file paths in the deletion functionality, enabling authenticated attackers with Administrator-level access to delete arbitrary files on the server. Such actions could lead to remote code execution if critical files, like wp-config.php, are removed.

Impact

Exploitation of this vulnerability could result in unauthorized deletion of files on the server, with the potential for remote code execution if a sensitive file is deleted.

Reproduction

To reproduce this vulnerability, an authenticated user with Administrator-level access can use the 'delete' functionality of the CYAN Backup plugin. The absence of proper file path validation allows for the deletion of arbitrary files on the server.

Remediation

Users are advised to update the CYAN Backup plugin to version 2.5.5 or a newer patched version.