CVE-2026-1311 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: February 27, 2026
Worry Proof Backup WordPress plugin - Path Traversal & Remote Code Execution
Overview
Worry Proof Backup WordPress plugin <= 0.2.4 contains a path traversal vulnerability in backup upload functionality, letting authenticated attackers with Subscriber-level access upload malicious ZIP archives to write arbitrary files, including executable PHP, leading to remote code execution.
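The overview describes ZIP entries from an uploaded backup being written outside the intended directory. As an added example (not the plugin's code and not its fix), the PHP below rejects an archive if any entry name is absolute or contains a `..` segment, then re-checks the resolved directory before each write. `entry_is_safe()` and `safe_extract_backup()` are hypothetical names, and the code assumes the zip extension is loaded and the destination directory already exists.

```php
<?php
// Added example, not the plugin's code; names are hypothetical. Needs ext-zip; $destDir must exist.
// Accept only relative entry names with no ".." segment.
function entry_is_safe(string $name): bool
{
    $name = str_replace('\\', '/', $name);
    if ($name === '' || strpos($name, "\0") !== false || preg_match('#^(/|[A-Za-z]:)#', $name)) {
        return false; // empty, NUL byte, absolute path or drive prefix
    }
    return !in_array('..', explode('/', $name), true);
}
function safe_extract_backup(string $zipPath, string $destDir): array
{
    $base = realpath($destDir);
    $zip = new ZipArchive();
    if ($base === false || $zip->open($zipPath) !== true) {
        throw new RuntimeException('cannot open archive or destination');
    }
    // Pass 1: refuse the whole archive before anything is written.
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false || !entry_is_safe($name)) {
            throw new RuntimeException("unsafe entry at index $i");
        }
    }
    // Pass 2: write each entry to a path computed here.
    $written = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $raw = $zip->getNameIndex($i);
        $target = $base . '/' . str_replace('\\', '/', $raw);
        $dir = substr($raw, -1) === '/' ? $target : dirname($target);
        if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
            throw new RuntimeException("cannot create $dir");
        }
        // A symlink already on disk could still redirect the write, so re-check.
        $real = realpath($dir);
        if ($real === false || strpos($real . DIRECTORY_SEPARATOR, $base . DIRECTORY_SEPARATOR) !== 0 || is_link($target)) {
            throw new RuntimeException("entry escapes destination: $raw");
        }
        if ($dir === $target) { continue; } // directory entry, nothing to write
        $in = $zip->getStream($raw);
        if ($in === false || file_put_contents($target, $in) === false) {
            throw new RuntimeException("cannot write $raw");
        }
        $written[] = $target;
    }
    $zip->close();
    return $written;
}
```

Path containment does not replace an authorization check on the upload handler, since the issue described here is reachable with Subscriber-level access.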
Impact
Authenticated attackers can upload malicious files to execute arbitrary code, potentially compromising the entire server.
Mitigation
Update to the latest version of Worry Proof Backup plugin.
References
- https://plugins.trac.wordpress.org/browser/worry-proof-backup/tags/0.2.4/inc/libs/upload-backup.php#L97
- https://plugins.trac.wordpress.org/browser/worry-proof-backup/trunk/inc/libs/upload-backup.php#L97
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3ffd6ce0-2536-43a5-9925-438bc653d0e5?source=cve
Social Media Activity (1 post)
CVE-2026-1311 - High (8.8) The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above... https://www.thehackerwire.com/vulnerability/CVE-2026-1311/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-1311
- Severity: High
- CVSS Score: 8.8
- Type: path_traversal
- Status: unconfirmed
- EPSS: 22.7%
- Social Posts: 1
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H