Platform
wordpress
Component
keep-backup-daily
Fixed in
2.1.2
CVE-2026-3339 is a Path Traversal vulnerability affecting the Keep Backup Daily plugin for WordPress. This vulnerability allows authenticated attackers with administrator privileges to list arbitrary files on the server outside of the intended uploads directory. The vulnerability impacts versions 0.0.0 through 2.1.1 and has been resolved in version 2.1.3.
An attacker exploiting this vulnerability could gain access to sensitive files and directories on the web server. This could include configuration files, database credentials, or even source code. While the vulnerability requires administrator access, successful exploitation could lead to a significant compromise of the WordPress site and its underlying infrastructure. The ability to list arbitrary directories provides a reconnaissance opportunity for further attacks, potentially leading to data exfiltration or system takeover. This vulnerability shares similarities with other path traversal exploits where attackers leverage insufficient input validation to bypass security controls and access unauthorized resources.
CVE-2026-3339 was published on 2026-03-20. The vulnerability has a CVSS score of 2.7 (LOW), indicating a relatively low probability of exploitation. No public Proof-of-Concept (POC) code has been identified at the time of writing. It is not currently listed on KEV or EPSS, suggesting no active campaigns are known. Refer to the WordPress security advisory for further details.
Exploit status
EPSS
0.06% (19th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-3339 is to upgrade the Keep Backup Daily plugin to version 2.1.3 or later. If upgrading is not immediately feasible, consider restricting file access permissions on the server to minimize the potential impact of a successful exploit. Implement a Web Application Firewall (WAF) rule to block requests containing path traversal sequences (e.g., ../) in the kbd_path parameter. Regularly review WordPress plugin installations and ensure they are from trusted sources and kept up to date.
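The check behind the WAF rule described above can also be run over existing access logs to see whether the kbd_path parameter has already been sent with traversal sequences. The following is an added example, not code from the plugin or the advisory: the log lines and request paths are constructed, and it assumes the parameter appears in the query string (values sent in a POST body are not recorded in standard access logs).

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (combined log format); the request paths are
# hypothetical and not taken from the plugin.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Mar/2026:10:00:01 +0000] "GET /wp-admin/admin.php?page=example&kbd_path=2026/03 HTTP/1.1" 200 512',
    '203.0.113.5 - - [20/Mar/2026:10:00:07 +0000] "GET /wp-admin/admin.php?page=example&kbd_path=../../ HTTP/1.1" 200 2048',
    '203.0.113.9 - - [20/Mar/2026:10:01:12 +0000] "GET /wp-admin/admin.php?page=example&kbd_path=%252e%252e%252f%252e%252e%252f HTTP/1.1" 200 2048',
    '203.0.113.9 - - [20/Mar/2026:10:02:30 +0000] "GET /wp-admin/admin.php?page=example&kbd_path=..%5C..%5C HTTP/1.1" 200 1024',
    '198.51.100.2 - - [20/Mar/2026:10:03:00 +0000] "GET /index.php?s=backup..notes HTTP/1.1" 200 4096',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """Heuristic: a '..' path segment (either slash style) or an absolute path."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")

def suspicious_requests(lines, param="kbd_path"):
    """Return (client_ip, value) for each request whose param looks like traversal."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs removes one encoding layer; is_traversal strips the rest.
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            if is_traversal(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\tkbd_path={value!r}")
```

Matching on whole path segments rather than the substring `..` keeps a value such as `backup..notes` from being flagged, and the repeated decoding catches double-encoded input that a single-pass filter would let through.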
Upgrade to version 2.1.3 or a newer patched version
CVE-2026-3339 is a Path Traversal vulnerability in the Keep Backup Daily WordPress plugin, allowing authenticated admins to access arbitrary server files. It affects versions 0.0.0–2.1.1 and has a CVSS score of 2.7.
You are affected if your WordPress site uses the Keep Backup Daily plugin and is running version 2.1.1 or earlier. Check your plugin version using wp plugin list.
Upgrade the Keep Backup Daily plugin to version 2.1.3 or later. Consider implementing a WAF rule to block path traversal attempts as a temporary workaround.
Currently, there is no evidence of active exploitation or publicly available Proof-of-Concept code for CVE-2026-3339.
Refer to the WordPress security advisory and the Keep Backup Daily plugin's official website for updates and information regarding CVE-2026-3339.