Backuply – Backup, Restore, Migrate and Clone

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Description

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete backup functionality in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Basic Information

ID CVE-2025-10307

Source Wordfence

Published Sep 26, 2025 at 06:43

Affected Product

Vendor softaculous

Product Backuply – Backup, Restore, Migrate and Clone

Version *

Affected Versions softaculous Backuply – Backup, Restore, Migrate and Clone *

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete backup functionality in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).",
    "published": "2025-09-26T06:43:28.060Z",
    "modified": "2025-09-26T06:43:28.060Z",
    "type": "cve",
    "title": "Backuply \u2013 Backup, Restore, Migrate and Clone <= 1.4.8 - Authenticated (Admin+) Arbitrary File Deletion",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0dd53fad-1bd7-41ed-95cb-205a9b421724?source=cve\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3363283%40backuply&new=3363283%40backuply&sfp_email=&sfph_mail=",
    "id": "CVE-2025-10307",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "softaculous Backuply \u2013 Backup, Restore, Migrate and Clone *",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Backuply \u2013 Backup, Restore, Migrate and Clone",
    "version": "*",
    "vendor": "softaculous",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Backuply – Backup, Restore, Migrate and Clone <= 1.4.8 - Authenticated (Admin+) Arbitrary File Deletion_CVE-2025-10307