Vulnerabilities and security researches forbackuply backuply
Direction: ascendingJun 07, 2024
Backuply – Backup, Restore, Migrate and Clone # CVE-2024-2294
- CVE, Research URL
- Date
- Mar 16, 2024
- Research Description
- The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers to have an account with only activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers.
- Affected versions
-
max 1.2.8.
- Status
-
vulnerable
Backuply – Backup, Restore, Migrate and Clone # CVE-2024-0697
- CVE, Research URL
- Date
- Jan 27, 2024
- Research Description
- The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.
- Affected versions
-
max 1.2.4.
- Status
-
vulnerable
Backuply – Backup, Restore, Migrate and Clone # CVE-2024-0842
- CVE, Research URL
- Date
- Feb 09, 2024
- Research Description
- The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.
- Affected versions
-
max 1.2.7.
- Status
-
vulnerable
Jul 24, 2024
Backuply – Backup, Restore, Migrate and Clone # PSC-2024-19258
- PSC, Research URL
- Date
- Apr 08, 2025
- Research Description
- In the ever-evolving landscape of WordPress, safeguarding your website against data loss is paramount. The "Backuply" plugin, now at version 1.5.0, offers a robust backup solution designed to protect your WordPress assets from server crashes, hacks, faulty updates, or plugin malfunctions. In this article, we explore the significance of this plugin, focusing on its security features and its recognition through the "Plugin Security Certification" (PSC) from CleanTalk.
- Affected versions
-
Min 1.5.0, max 1.5.0.
- Status
-
SAFE & CERTIFIED
Sep 15, 2024
Backuply – Backup, Restore, Migrate and Clone # CVE-2024-8669
- CVE, Research URL
- Date
- Sep 14, 2024
- Research Description
- The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
-
max 1.3.5.
- Status
-
vulnerable
Nov 10, 2025
Backuply – Backup, Restore, Migrate and Clone # CVE-2025-10307
- CVE, Research URL
- Date
- Sep 26, 2025
- Research Description
- The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete backup functionality in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
- Affected versions
-
max 1.4.9.
- Status
-
vulnerable