Home

Description

The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with `sanitize_text_field()` - a function that does not strip path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to list the contents of arbitrary directories on the server outside of the intended uploads directory.

PUBLISHED Reserved 2026-02-27 | Published 2026-03-20 | Updated 2026-04-08 | Assigner Wordfence




LOW: 2.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

Any version
affected

Timeline

2026-03-20:Disclosed

Credits

san6051 finder

References

www.wordfence.com/...-e332-4500-99a2-10a7b79967f5?source=cve

plugins.trac.wordpress.org/...y/tags/2.1.1/inc/functions.php

plugins.trac.wordpress.org/...-daily/trunk/inc/functions.php

plugins.trac.wordpress.org/...y/tags/2.1.1/inc/functions.php

plugins.trac.wordpress.org/...up-daily&sfp_email=&sfph_mail=

cve.org (CVE-2026-3339)

nvd.nist.gov (CVE-2026-3339)

Download JSON