cleantalk
Vulnerabilities and Security Researches

Backuply – Backup, Restore, Migrate and Clone, CVE-2025-10307

CVE, Research URL

CVE-2025-10307

Home page URL

Security reports for Backuply – Backup, Restore, Migrate and Clone

Application

Backuply – Backup, Restore, Migrate and Clone

Published on
Sep 26, 2025
Research Description
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete backup functionality in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected versions
max 1.4.9.
Status
vulnerable
Previous vulnerability researches
OOPSpam Anti-Spam (CVE-2025-12094) , Nov 10, 2025
OOPSpam Anti-Spam (2abea83e21a0323c5a51444c6b7c720291723c81) , Jun 07, 2024
OOPSpam Anti-Spam (CVE-2023-22716) , Jun 07, 2024
OOPSpam Anti-Spam (CVE-2023-35913) , Jun 07, 2024
New vulnerability
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2025-10567) , Nov 10, 2025
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2025-10185) , Nov 10, 2025
Auto Login After Registration (CVE-2025-49946) , Nov 10, 2025
Trinity Audio – Text to Speech AI audio player to convert content into audio (CVE-2025-9196) , Nov 10, 2025
Multi Item Responsive Slider (CVE-2025-11992) , Nov 10, 2025