We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2015-10134

Simple Backup <= 2.7.10 - Arbitrary File Download via Path Traversal



Description

The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10. via the download_backup_file function. This is due to a lack of capability checks and file type validation. This makes it possible for attackers to download sensitive files such as the wp-config.php file from the affected site.

Reserved 2025-07-18 | Published 2025-07-19 | Updated 2025-07-19 | Assigner Wordfence


HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

* before 2.7.11
affected

Timeline

2015-05-19:Disclosed

Credits

Mahdi.Hidden (Ashiyane Digital Security Team) finder

References

www.wordfence.com/...-0ff2-4bb1-9d41-9cffb83b5ad0?source=cve

packetstormsecurity.com/files/131919/

cve.org (CVE-2015-10134)

nvd.nist.gov (CVE-2015-10134)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2015-10134

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.