EUVD-2026-13897
GHSA-fxxv-5hv8-hp3c
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
3Tags
Description
The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with `sanitize_text_field()` - a function that does not strip path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to list the contents of arbitrary directories on the server outside of the intended uploads directory.
Analysis
The Keep Backup Daily WordPress plugin versions up to 2.1.1 contain a limited path traversal vulnerability in the `kbd_open_upload_dir` AJAX action that allows authenticated administrators to enumerate arbitrary directories on the server. An attacker with Administrator-level access can exploit insufficient sanitization of the `kbd_path` parameter (using only `sanitize_text_field()` which does not prevent path traversal sequences) to list directory contents outside the intended uploads directory. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
During next maintenance window: Apply vendor patches when convenient. Verify path traversal controls are in place.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today