Worry Proof Backup WordPress Plugin Path Traversal Vulnerability Allowing Remote Code Execution

Vulnerability

A path traversal vulnerability has been identified in the Worry Proof Backup plugin for WordPress, affecting all versions up to and including 0.2.4. The vulnerability is in the backup upload functionality: authenticated attackers with Subscriber-level access and above can upload malicious ZIP archives that contain path traversal sequences. Such archives can write arbitrary files anywhere on the server, including executable PHP files, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability allows for arbitrary file upload via ZIP archives, with the possibility of executing uploaded PHP files, resulting in remote code execution.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher uploads a ZIP file containing path traversal sequences through the backup upload feature of the Worry Proof Backup plugin. The ZIP file can be crafted to traverse directories and write files to locations on the server from which they could be executed, such as a PHP file within the web root.
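
One way to extract an uploaded archive so that entries carrying traversal sequences are refused, as an added example rather than the plugin's code or its patch. The function names are hypothetical; POSIX-style paths and PHP's zip extension are assumed.

```php
<?php
// Added example, not the plugin's code; names are hypothetical, POSIX paths assumed.
// Map a ZIP entry name to a path under $destRoot, or null if it must be refused.
function example_zip_target(string $destRoot, string $entryName): ?string
{
    $name = str_replace('\\', '/', $entryName);
    // Refuse NUL bytes, absolute paths and Windows drive prefixes.
    if (strpos($name, "\0") !== false || preg_match('#^(/|[A-Za-z]:)#', $name)) {
        return null;
    }
    $parts = [];
    foreach (explode('/', $name) as $seg) {
        if ($seg === '..') {
            return null;              // any parent-directory segment is refused
        }
        if ($seg !== '' && $seg !== '.') {
            $parts[] = $seg;
        }
    }
    return $parts ? rtrim($destRoot, '/') . '/' . implode('/', $parts) : null;
}

// Extract only if every entry stays inside $destRoot; a bad entry rejects the archive.
function example_extract_backup(string $zipPath, string $destRoot): bool
{
    $root = realpath($destRoot);
    $zip = new ZipArchive();
    if ($root === false || $zip->open($zipPath) !== true) {
        return false;
    }
    $targets = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $targets[$i] = example_zip_target($root, (string) $zip->getNameIndex($i));
    }
    $ok = !in_array(null, $targets, true);   // validate all names before writing anything
    foreach (($ok ? $targets : []) as $i => $target) {
        $isDir = substr($zip->getNameIndex($i), -1) === '/';
        $dir = $isDir ? $target : dirname($target);
        $data = $isDir ? '' : $zip->getFromIndex($i);
        // Symlink guard: the resolved parent must still sit under the root,
        // and the target itself must not be an existing symlink.
        $ok = $data !== false && (is_dir($dir) || mkdir($dir, 0755, true))
            && strpos(realpath($dir) . '/', $root . '/') === 0
            && ($isDir || (!is_link($target) && file_put_contents($target, $data) !== false));
        if (!$ok) break;
    }
    $zip->close();
    return $ok;
}
```

Containment alone does not address the Subscriber-level access to the upload feature described above; restricting who may upload backups is a separate check.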

Added: Feb 26, 2026, 10:46 AM
Updated: Feb 26, 2026, 10:46 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.3
remediation: 0.0
relevance: 3.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.