[Security issue!] BackupWordPress Plugin has a security issue!

The BackupWordPress plugin has a very, very serious security issue!


If you installed it and set it up to back up your database regularly, the plugin will, by default, place your backups under the wp-content folder, which is web accessible!

For example, after a couple of days, I found my backups under this folder:


Out of curiosity, I just tried to open this link in a browser. And voilà! I was able to download my database 😀

I was not able to change the destination directory, nor the permissions to it. Here’s a screenshot of the available settings:
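
A defender-side check for the exposure described above, as an added example that is not part of the original post or the plugin's code: it walks a wp-content directory for backup-like files and reports those with no Apache `.htaccess` deny rule in their directory or a parent. The extension list, the sample directory and file names, and the reliance on Apache honouring `.htaccess` files are assumptions.

```python
import os
import re
import tempfile

# File extensions that typically hold database dumps or site archives (assumed list).
BACKUP_EXTS = (".sql", ".sql.gz", ".zip", ".tar", ".tar.gz", ".tgz")
# Apache 2.4 ("Require all denied") and 2.2 ("Deny from all") directives, uncommented.
DENY_RE = re.compile(r"^\s*(require\s+all\s+denied|deny\s+from\s+all)\s*$", re.I | re.M)

def has_deny_rule(directory, stop_at):
    """True if directory or an ancestor up to stop_at has an .htaccess denying all access."""
    current = os.path.abspath(directory)
    stop_at = os.path.abspath(stop_at)
    while True:
        htaccess = os.path.join(current, ".htaccess")
        if os.path.isfile(htaccess):
            with open(htaccess, encoding="utf-8", errors="replace") as fh:
                if DENY_RE.search(fh.read()):
                    return True
        if current == stop_at or os.path.dirname(current) == current:
            return False
        current = os.path.dirname(current)

def find_exposed_backups(wp_content):
    """Return sorted relative paths of backup-like files with no deny rule above them."""
    exposed = []
    for root, _dirs, files in os.walk(wp_content):
        for name in files:
            if name.lower().endswith(BACKUP_EXTS) and not has_deny_rule(root, wp_content):
                exposed.append(os.path.relpath(os.path.join(root, name), wp_content))
    return sorted(exposed)

def build_sample_tree(base):
    """Constructed sample layout; directory and file names are hypothetical."""
    open_dir = os.path.join(base, "wp-content", "backups-open")
    shut_dir = os.path.join(base, "wp-content", "backups-denied")
    for d in (open_dir, shut_dir):
        os.makedirs(d)
        with open(os.path.join(d, "db-2024-01-01.sql.gz"), "wb") as fh:
            fh.write(b"constructed placeholder, not a real dump")
    with open(os.path.join(shut_dir, ".htaccess"), "w") as fh:
        fh.write("Require all denied\n")
    return os.path.join(base, "wp-content")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path in find_exposed_backups(build_sample_tree(tmp)):
            print("web-reachable backup:", path)
```

The deny-rule match is a heuristic on the file's text, so a hit should still be confirmed by requesting the file from outside and expecting a 403, and servers that ignore `.htaccess` need the equivalent rule in their own configuration.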


