4.1.7 Security Vulnerability? | ww.wp.xz.cn

Resolved delanet
(@delanet)

3 months, 1 week ago
Hello,

I am currently using version 4.1.7 on all my sites (4.x series).

I recently received the following vulnerability notification from Wordfence:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/backwpup/backwpup-562-authenticated-backwpup-helper-privilege-escalation-via-arbitrary-options-update

Since I am still running the 4.x series, I would like to ask:
- Does this vulnerability affect version 4.1.7 (or the 4.x branch in general)?
- If so, is this considered a real and exploitable security issue in that branch?
- Is there any plan to provide a fix for the 4.x series, or is upgrading to the latest major version the only recommended solution?
I am aware that there are still many users running the 4.x series, so clarification on this would be greatly appreciated.

Viewing 1 replies (of 1 total)

Plugin Support Saransh
(@saranshwpm)

3 months, 1 week ago

Hello,

Thank you for your message.

Our developers have confirmed that this issue does not exist in version 4.x. The function save_site_option is not present in version 4 and was introduced starting with version 5.

Therefore, users who are running versions below 5 are not affected and do not need to be concerned.

Best regards,

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

1 reply
2 participants
Last reply from: Saransh
Last activity: 3 months, 1 week ago
Status: resolved