CVE-2026-3339 in Keep Backup Daily Plugininformação

Sumário

de MITRE • 21/03/2026

The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with `sanitize_text_field()` - a function that does not strip path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to list the contents of arbitrary directories on the server outside of the intended uploads directory.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Wordfence

Reservar

27/02/2026

Divulgação

21/03/2026

Moderação

aceite

Entrada

VDB-352240

CPE

pronto

CWE

CWE-22 (confirmado)

CVSS

2.7 (CNA)

EPSS

0.00020

KEV

não

Atividades

muito baixo

Sector

Energy, Government, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-3339
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-3339
CVE Details	https://www.cvedetails.com/cve/CVE-2026-3339/

◂ Voltar Visão Geral Próximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!