Vulnerabilities ›

CVE-2026-1311

High

CWE-22 — Weakness Type

                    Published: Feb 26, 2026                      ·  Modified: Mar 5, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path traversal sequences to write arbitrary files anywhere on the server, including executable PHP files. This can lead to remote code execution.

🤖 AI Executive Summary

The Worry Proof Backup WordPress plugin (versions ≤0.2.4) contains a critical path traversal vulnerability in its backup upload functionality that allows authenticated users with Subscriber-level access to upload malicious ZIP files and execute arbitrary code on the server. This vulnerability poses a significant risk to WordPress installations across Saudi Arabia, particularly those managing sensitive business and government data. Immediate patching is essential as the vulnerability requires only basic authentication and can lead to complete server compromise.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 22, 2026 10:28

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses critical risk to Saudi organizations using WordPress, particularly: (1) Government agencies and ministries relying on WordPress for public-facing portals and content management; (2) Banking and financial institutions using WordPress for customer-facing websites and internal portals; (3) Healthcare providers managing patient information through WordPress-based systems; (4) Telecommunications companies (STC, Mobily, Zain) using WordPress for service portals; (5) Energy sector organizations including ARAMCO subsidiaries; (6) E-commerce and retail businesses managing customer data. The low barrier to entry (Subscriber-level access) makes this particularly dangerous in organizations with multiple content contributors or compromised user accounts. Organizations under NCA and SAMA regulatory oversight face heightened compliance risk.

🏢 Affected Saudi Sectors

Government and Public Administration Banking and Financial Services Healthcare and Medical Services Telecommunications Energy and Utilities E-commerce and Retail Education Media and Publishing

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1200 - Hardware Additions T1567 - Exfiltration Over Web Service T1070 - Indicator Removal T1059 - Command and Scripting Interpreter T1505 - Server Software Component T1547 - Boot or Logon Autostart Execution

⚖️ Saudi Risk Score (AI)

8.5

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all WordPress installations using Worry Proof Backup plugin across your organization

2. Disable the plugin immediately if version ≤0.2.4 is detected

3. Review backup upload logs for suspicious ZIP files with path traversal sequences (../ patterns)

4. Check for unauthorized PHP files in unexpected directories



PATCHING GUIDANCE:

1. Update Worry Proof Backup plugin to version >0.2.4 immediately

2. Verify update completion and plugin functionality

3. Clear any cached versions of the plugin



COMPENSATING CONTROLS (if immediate patching delayed):

1. Restrict backup upload functionality to Administrator-level users only

2. Implement Web Application Firewall (WAF) rules to block requests containing "../" in file uploads

3. Disable ZIP file uploads entirely if backup functionality not critical

4. Implement strict file upload validation on the application level

5. Monitor /wp-content/uploads/ and web root directories for suspicious PHP files



DETECTION RULES:

1. Monitor for POST requests to backup upload endpoints containing path traversal sequences

2. Alert on PHP file creation in non-standard directories

3. Track failed authentication attempts followed by Subscriber-level uploads

4. Monitor for ZIP file uploads with suspicious internal paths

5. Log all backup-related plugin activities for forensic review

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع تثبيتات WordPress التي تستخدم مكون Worry Proof Backup في جميع أنحاء المنظمة

2. تعطيل المكون فوراً إذا تم اكتشاف الإصدار ≤0.2.4

3. مراجعة سجلات تحميل النسخة الاحتياطية للملفات المريبة من نوع ZIP التي تحتوي على تسلسلات اجتياز المسار (أنماط ../)

4. التحقق من ملفات PHP غير المصرح بها في الدلائل غير المتوقعة

إرشادات التصحيح:

1. تحديث مكون Worry Proof Backup إلى إصدار >0.2.4 فوراً

2. التحقق من اكتمال التحديث وعمل المكون

3. مسح أي نسخ مخزنة مؤقتاً من المكون

الضوابط البديلة (إذا تأخر التصحيح الفوري):

1. تقييد وظيفة تحميل النسخة الاحتياطية لمستخدمي المسؤول فقط

2. تنفيذ قواعد جدار حماية تطبيقات الويب (WAF) لحظر الطلبات التي تحتوي على "../" في تحميلات الملفات

3. تعطيل تحميلات ملفات ZIP بالكامل إذا لم تكن وظيفة النسخ الاحتياطية حرجة

4. تنفيذ التحقق الصارم من تحميل الملفات على مستوى التطبيق

5. مراقبة الدلائل /wp-content/uploads/ والجذر لملفات PHP المريبة

قواعد الكشف:

1. مراقبة طلبات POST إلى نقاط نهاية تحميل النسخة الاحتياطية التي تحتوي على تسلسلات اجتياز المسار

2. تنبيه عند إنشاء ملف PHP في دلائل غير قياسية

3. تتبع محاولات المصادقة الفاشلة متبوعة بتحميلات على مستوى المشترك

4. مراقبة تحميلات ملفات ZIP بمسارات داخلية مريبة

5. تسجيل جميع أنشطة المكون المتعلقة بالنسخ الاحتياطية لمراجعة الطب الشرعي

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information Security Policies and Procedures A.6.1.1 - Access Control Policy A.6.2.1 - User Registration and De-registration A.8.2.1 - Classification of Information A.12.2.1 - Restrictions on Software Installation A.12.4.1 - Event Logging A.12.6.1 - Management of Technical Vulnerabilities

🔵 SAMA CSF

ID.AM-2 - Software Inventory PR.AC-1 - Access Control Policy PR.PT-2 - Removable Media Protection DE.CM-1 - Network Monitoring DE.CM-3 - Personnel Activity Monitoring RS.MI-2 - Incident Response Procedures

🟡 ISO 27001:2022

A.5.1.1 - Information Security Policies A.6.1.1 - Access Control A.8.1.1 - Asset Inventory A.12.2.1 - Software Installation Controls A.12.6.1 - Vulnerability Management A.14.2.1 - Secure Development Policy

🟣 PCI DSS v4.0.1

Requirement 1.1 - Firewall Configuration Standards Requirement 6.2 - Security Patches Requirement 6.5.1 - Injection Flaws Requirement 10.2 - User Access Logging Requirement 11.2 - Vulnerability Scanning

🔗 References & Sources 3

🔗

https://plugins.trac.wordpress.org/browser/worry-proof-backup/tags/0.2.4/inc/libs/uploa...

security@wordfence.com

🔗

https://plugins.trac.wordpress.org/browser/worry-proof-backup/trunk/inc/libs/upload-bac...

security@wordfence.com

🔗

https://www.wordfence.com/threat-intel/vulnerabilities/id/3ffd6ce0-2536-43a5-9925-438bc...

security@wordfence.com

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-22

Exploit No

Patch ✓ Yes

Published 2026-02-26

Source Feed nvd

🇸🇦 Saudi Risk Score

8.5

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-22

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-1311

💬 Comments

Introduce Yourself

Sign In Required