How severe is CVE-2023-5504?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.7 out of 10.

What type of vulnerability is CVE-2023-5504?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2023-5504 - HIGH Severity | CVSS 8.7

Vulnerability Description

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.

Related Vulnerabilities

CVE-2020-29494

HIGH

CVSS:8.7(High)

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the a...

CWE-222020

CVE-2021-32008

HIGH

CVSS:8.7(High)

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Fil...

CWE-222021

CVE-2021-41131

HIGH

CVSS:8.7(High)

python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can ove...

CWE-222021

CVE-2023-51364

HIGH

CVSS:8.7(High)

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose...

CWE-222023

CVE-2023-51365

HIGH

CVSS:8.7(High)

CWE-222023

CVE-2025-24960

HIGH

CVSS:8.7(High)

Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the route(s). This can lead to Path Traversal Vulnerabilities. Since t...

CWE-222025