BackWPup – WordPress Backup & Restore Plugin

Vulnerabilities 17Slug backwpupLatest version 5.6.9WordPress.org →

Minimum safe version

5.6.7

Update to 5.6.7 or later to address 17 fixable vulnerabilities

Latest available5.6.9 ✓

N/A

2026-04-13< 5.6.7

BackWPup <= 5.6.6 - Authenticated (Administrator+) Local File Inclusion via 'block_name' Parameter

Wordfence CVE

High 7.2

2026-02-19< 5.6.3

CVE-2025-15041

CVE Wordfence

Medium 5.3

2025-10-25< 5.5.1

CVE-2025-10579

CVE EUVD Patchstack Wordfence

Medium 6.8

2024-08-17< 4.0.2

CVE-2023-5505

CVE Wordfence

High 7.5

2024-04-08< 4.0.4

CVE-2023-7164

CVE Wordfence Patchstack WPScan

Low 2.7

2024-02-24< 4.0.3

CVE-2023-5775

CVE Wordfence Patchstack

High 8.7

2024-01-11< 4.0.2

CVE-2023-5504

CVE Patchstack Wordfence WPScan

N/A

< 2.1.5

BackWPup 2.1.4 - Code Execution

WPScan

N/A

2011-10-17< 2.1.5

WordPress BackWPUp Plugin 2.1.4 - Code Execution

Patchstack

N/A

2015-05-15< 1.7.2

WordPress BackWPUp Plugin 1.7.1 - Remote & Local Code Execution

Patchstack

N/A

2017-03-22< 3.3

WordPress BackWPup plugin <= 3.2.5 - Reflected Cross-Site Scripting (XSS) Vulnerability

Patchstack

N/A

2017-09-28< 3.4.2

WordPress BackWPup plugin <=3.4.1 - Unrestricted Backup File Download

Patchstack

N/A

2011-02-28< 1.5

WordPress BackWPup Plugin 1.4 - Multiple Information Disclosure Vulnerabilities

Patchstack

N/A

2012-10-08< 1.4.1

CVE-2011-5208

CVE Patchstack Wordfence

N/A

2012-10-08< 1.7.2

CVE-2011-4342

CVE Patchstack Wordfence WPScan

N/A

2013-09-26< 3.0.13

CVE-2013-4626

CVE Wordfence Patchstack WPScan

High 7.5

2017-09-27< 3.4.2

CVE-2017-2551

CVE Wordfence WPScan