CVE-2026-3339 in Keep Backup Daily Plugin情報

要約

〜によって MITRE • 2026年03月21日

The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with `sanitize_text_field()` - a function that does not strip path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to list the contents of arbitrary directories on the server outside of the intended uploads directory.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

Wordfence

予約する

2026年02月27日

公開

2026年03月21日

モデレーション

承諾済み

エントリ

VDB-352240

CPE

準備完了

CWE

CWE-22 (確認済み)

CVSS

2.7 (CNA)

EPSS

0.00020

KEV

いいえ

アクティビティ

非常低い

セクター

Chemical, Agriculture, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-3339
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-3339
CVE Details	https://www.cvedetails.com/cve/CVE-2026-3339/

◂ 前概要次 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!