{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3339", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-27T15:17:08.862Z", "datePublished": "2026-03-20T23:25:09.949Z", "dateUpdated": "2026-04-08T16:32:34.130Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:32:34.130Z"}, "affected": [{"vendor": "fahadmahmood", "product": "Keep Backup Daily", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with `sanitize_text_field()` - a function that does not strip path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to list the contents of arbitrary directories on the server outside of the intended uploads directory."}], "title": "Keep Backup Daily <= 2.1.1 - Authenticated (Admin+) Limited Path Traversal via 'kbd_path' Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01984754-e332-4500-99a2-10a7b79967f5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/keep-backup-daily/tags/2.1.1/inc/functions.php#L855"}, {"url": "https://plugins.trac.wordpress.org/browser/keep-backup-daily/trunk/inc/functions.php#L855"}, {"url": "https://plugins.trac.wordpress.org/browser/keep-backup-daily/tags/2.1.1/inc/functions.php#L871"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3481587%40keep-backup-daily&new=3481587%40keep-backup-daily&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "baseScore": 2.7, "baseSeverity": "LOW"}}], "credits": [{"lang": "en", "type": "finder", "value": "san6051"}], "timeline": [{"time": "2026-03-20T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T13:39:17.921104Z", "id": "CVE-2026-3339", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:39:30.198Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3339", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T13:39:17.921104Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:39:25.743Z"}}], "cna": {"title": "Keep Backup Daily <= 2.1.1 - Authenticated (Admin+) Limited Path Traversal via 'kbd_path' Parameter", "credits": [{"lang": "en", "type": "finder", "value": "san6051"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "fahadmahmood", "product": "Keep Backup Daily", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.1.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-03-20T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01984754-e332-4500-99a2-10a7b79967f5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/keep-backup-daily/tags/2.1.1/inc/functions.php#L855"}, {"url": "https://plugins.trac.wordpress.org/browser/keep-backup-daily/trunk/inc/functions.php#L855"}, {"url": "https://plugins.trac.wordpress.org/browser/keep-backup-daily/tags/2.1.1/inc/functions.php#L871"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3481587%40keep-backup-daily&new=3481587%40keep-backup-daily&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with `sanitize_text_field()` - a function that does not strip path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to list the contents of arbitrary directories on the server outside of the intended uploads directory."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-03-20T23:25:09.949Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3339", "state": "PUBLISHED", "dateUpdated": "2026-03-24T13:39:30.198Z", "dateReserved": "2026-02-27T15:17:08.862Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-20T23:25:09.949Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with `sanitize_text_field()` - a function that does not strip path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to list the contents of arbitrary directories on the server outside of the intended uploads directory."}, {"lang": "es", "value": "El plugin Keep Backup Daily para WordPress es vulnerable a salto de ruta limitado en todas las versiones hasta la 2.1.1, inclusive, a trav\u00e9s de la acci\u00f3n AJAX 'kbd_open_upload_dir'. Esto se debe a una validaci\u00f3n insuficiente del par\u00e1metro 'kbd_path', que solo se sanea con 'sanitize_text_field()', una funci\u00f3n que no elimina secuencias de salto de ruta. Esto hace posible que atacantes autenticados, con acceso de nivel de Administrador y superior, listen el contenido de directorios arbitrarios en el servidor fuera del directorio de subidas previsto."}], "id": "CVE-2026-3339", "lastModified": "2026-04-22T21:32:08.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-21T00:16:27.627", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/keep-backup-daily/tags/2.1.1/inc/functions.php#L855"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/keep-backup-daily/tags/2.1.1/inc/functions.php#L871"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/keep-backup-daily/trunk/inc/functions.php#L855"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3481587%40keep-backup-daily&new=3481587%40keep-backup-daily&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01984754-e332-4500-99a2-10a7b79967f5?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.1.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Keep Backup Daily", "source": "cna", "vendor": "fahadmahmood"}, "product": "keep_backup_daily", "vendor": "fahadmahmood"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-21T07:26:32.651818+00:00", "value": {"mitigation_remediation": ["Upgrade Keep Backup Daily to the latest version that removes the vulnerability", "If an upgrade is not immediately possible, disable or remove the kbd_open_upload_dir AJAX action from the plugin", "Restrict Administrator roles or enforce least\u2011privilege policies so that only trusted users can invoke the action", "Apply file\u2011system permissions that prevent web\u2011accessible directories from exposing sensitive files", "Monitor web logs for attempts to access the kbd_path parameter with traversal characters"], "summary": {"action": "Apply Patch", "impact": "Directory Traversal \u2013 information disclosure"}, "threat_synthesis": {"affected_systems": "This flaw affects every installation of Keep Backup Daily up to and including version 2.1.1. WordPress sites that have installed this plugin and still run a vulnerable version are at risk. Administrators or higher-level users can trigger the exploit by sending a request to the `kbd_open_upload_dir` AJAX endpoint.", "description_and_impact": "The Keep Backup Daily plugin for WordPress allows an authenticated attacker with Administrator-level or higher privileges to supply an arbitrary file path to the `kbd_open_upload_dir` AJAX action. Because the `kbd_path` parameter is only sanitized with a function that does not remove path traversal sequences, the plugin can reveal the contents of directories outside its designated uploads folder. This vulnerability enables disclosure of sensitive files and configuration data but does not grant code execution or arbitrary file writing. The weakness corresponds to CWE\u201122, a classic directory traversal flaw.", "risk_and_exploitability": "Although the CVSS score is only 2.7, indicating a low severity, the attack requires only that an authenticated user exist on the site. The path traversal can be performed remotely via HTTP requests, so the threat vector is web-based. No publicly available exploits were identified in the data, and the vulnerability is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog. Nevertheless, because any Site Admin or higher can disclose server file contents, administrators should treat the issue as a medium risk to confidentiality."}}}}, "created": "2026-03-23T09:51:43.328572+00:00", "updated": "2026-03-25T14:33:42.936393+00:00", "vendors": ["fahadmahmood", "fahadmahmood$PRODUCT$keep_backup_daily", "wordpress", "wordpress$PRODUCT$wordpress"]}