{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1311", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-21T20:39:35.555Z", "datePublished": "2026-02-26T04:36:16.923Z", "dateUpdated": "2026-04-08T16:48:19.712Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:48:19.712Z"}, "affected": [{"vendor": "bearsthemes", "product": "Worry Proof Backup", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.2.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path traversal sequences to write arbitrary files anywhere on the server, including executable PHP files. This can lead to remote code execution."}], "title": "Worry Proof Backup <= 0.2.4 - Authenticated (Subscriber+) Path Traversal via Backup Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ffd6ce0-2536-43a5-9925-438bc653d0e5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/worry-proof-backup/trunk/inc/libs/upload-backup.php#L97"}, {"url": "https://plugins.trac.wordpress.org/browser/worry-proof-backup/tags/0.2.4/inc/libs/upload-backup.php#L97"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}, {"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}], "timeline": [{"time": "2026-02-25T16:01:10.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T14:25:34.407620Z", "id": "CVE-2026-1311", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:25:46.217Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1311", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-26T14:25:34.407620Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:25:39.731Z"}}], "cna": {"title": "Worry Proof Backup <= 0.2.4 - Authenticated (Subscriber+) Path Traversal via Backup Upload", "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}, {"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "bearsthemes", "product": "Worry Proof Backup", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.2.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-25T16:01:10.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ffd6ce0-2536-43a5-9925-438bc653d0e5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/worry-proof-backup/trunk/inc/libs/upload-backup.php#L97"}, {"url": "https://plugins.trac.wordpress.org/browser/worry-proof-backup/tags/0.2.4/inc/libs/upload-backup.php#L97"}], "descriptions": [{"lang": "en", "value": "The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path traversal sequences to write arbitrary files anywhere on the server, including executable PHP files. This can lead to remote code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:48:19.712Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1311", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:48:19.712Z", "dateReserved": "2026-01-21T20:39:35.555Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-26T04:36:16.923Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path traversal sequences to write arbitrary files anywhere on the server, including executable PHP files. This can lead to remote code execution."}, {"lang": "es", "value": "El plugin Worry Proof Backup para WordPress es vulnerable a salto de ruta en todas las versiones hasta, e incluyendo, la 0.2.4 a trav\u00e9s de la funcionalidad de carga de copias de seguridad. Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor y superior, carguen un archivo ZIP malicioso con secuencias de salto de ruta para escribir archivos arbitrarios en cualquier lugar del servidor, incluyendo archivos PHP ejecutables. Esto puede llevar a la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2026-1311", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-26T05:17:41.933", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/worry-proof-backup/tags/0.2.4/inc/libs/upload-backup.php#L97"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/worry-proof-backup/trunk/inc/libs/upload-backup.php#L97"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ffd6ce0-2536-43a5-9925-438bc653d0e5?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.2.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Worry Proof Backup", "source": "cna", "vendor": "bearsthemes"}, "product": "worry_proof_backup", "vendor": "bearsthemes"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T18:02:22.941380+00:00", "value": {"mitigation_remediation": ["Update Worry Proof Backup to the latest version that removes the faulty upload handling (at least v0.2.5).", "Restrict the backup upload feature to administrator accounts or disable it entirely until the vendor releases a fix.", "Scan the site for unexpected files, especially PHP scripts, that may have been written by an attacker, and remove them."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Affected systems include all installations of the BearThemes \"Worry Proof Backup\" WordPress plugin from the earliest release through version 0.2.4. Any instance that has the backup upload feature enabled and is accessible to Subscriber\u2011level or higher accounts is vulnerable. No later versions are affected.", "description_and_impact": "The Worry Proof Backup plugin for WordPress, versions up to 0.2.4, permits path traversal via the backup upload interface. An attacker who is authenticated with Subscriber or higher privileges can craft a ZIP archive containing directory traversal characters; when the plugin extracts the archive, it writes the files to arbitrary locations on the server. If a PHP file is uploaded, the attacker could execute it, resulting in remote code execution. The weakness corresponds to unvalidated file paths (CWE\u201122).", "risk_and_exploitability": "The vulnerability has a CVSS score of 8.8, indicating high severity. The EPSS score is below 1\u202f%, showing that the probability of exploitation is low at present, and it is not listed in the CISA KEV catalog. Attackers must first authenticate with a valid account that has Subscriber\u2011level or higher privileges, then upload a malicious ZIP to trigger the traversal. Once executed, the attacker could gain full control over the web server."}}}}, "created": "2026-02-26T13:09:41.217568+00:00", "updated": "2026-04-15T18:15:10.811763+00:00", "vendors": ["bearsthemes", "bearsthemes$PRODUCT$worry_proof_backup", "wordpress", "wordpress$PRODUCT$wordpress"]}