• Resolved delanet

    (@delanet)


    Hello,

    I would like to raise a concern regarding the recently disclosed vulnerability in BackWPup, as described here:
    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/backwpup/backwpup-550-missing-authorization-to-sensitive-information-exposure

    While the issue has been addressed in the 5.x release line, there are still a very large number of active users running the 4.x series of BackWPup. For many of them, upgrading to the 5.x branch may not be immediately possible due to environment or compatibility constraints.

    Given the security implications of this vulnerability, would it be possible to backport the fix to the 4.x branch as well? Even a minimal patch release that closes the authorization gap would help protect a significant user base that still relies on BackWPup 4.x.

    Thank you for considering this request, and for your continued work in keeping BackWPup safe and reliable.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Saransh

    (@saranshwpm)

    Hello @delanet,

    I have raised this internally and am waiting for developer feedback.

    I will get back once I have an update on this.

    Best Regards,

  • Plugin Support Saransh

    (@saranshwpm)

    Hello @delanet,

    The developers confirmed that this issue is not present in version 4.x and was introduced after version 5. Therefore, there is no need for users who are using versions below 5 to be concerned.

    I hope this clears things up for you.

    Best Regards,

  • Thread Starter delanet

    (@delanet)

    Thanks for clarifying this!
    I have now reported the incorrect version range to Wordfence Threat Intelligence so they can update their vulnerability database accordingly.
    Really appreciate your support and the confirmation from the developers.

The topic ‘Request to patch BackWPup 4.x for security vulnerability’ is closed to new replies.