CVE-2015-10134

WordPress · WordPress Simple Backup plugin

Executive summary

A high-severity vulnerability exists in the Simple Backup plugin for WordPress, allowing unauthenticated attackers to download arbitrary files from the web server. Successful exploitation could lead to the exposure of highly sensitive information, such as database credentials and server configuration files, enabling further compromise of the website and underlying infrastructure.

Vulnerability

The Simple Backup plugin for WordPress fails to properly sanitize user-supplied input when handling file download requests. An unauthenticated attacker can craft a malicious request containing path traversal sequences (e.g., ../) to navigate outside of the intended directory. This allows the attacker to specify and download any file on the server that is readable by the web server process, including the wp-config.php file, which contains database credentials, or other system-level files.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation can have a severe business impact, leading directly to a data breach. An attacker could exfiltrate sensitive configuration files, proprietary application code, or customer data stored on the filesystem. The theft of database credentials from the wp-config.php file would grant the attacker full access to the website's database, risking a complete compromise of user data, content, and site integrity. The likely consequences are significant reputational damage, regulatory penalties, and financial loss.

Remediation

Immediate Action: Update the Simple Backup plugin to the latest available version that patches this vulnerability. If the plugin is no longer actively used or maintained, deactivate it and remove it completely from the WordPress installation to eliminate this attack vector.

Proactive Monitoring: Security teams should monitor web server access logs for suspicious requests targeting the Simple Backup plugin's endpoints. Look for GET requests that include path traversal characters (../) or direct requests for sensitive files like wp-config.php, /etc/passwd, or .htaccess.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rulesets designed to block path traversal attacks. Additionally, enforce strict file system permissions to ensure the web server user account has read access only to the files and directories absolutely necessary for the website to function, limiting the impact of a successful exploit.

Exploitation status

Public Exploit Available: true

Analyst recommendation

Given the high severity (CVSS 7.5) and the public availability of exploit code, this vulnerability poses a critical risk to the organization. We strongly recommend that immediate action be taken to apply the vendor's remediation. All WordPress sites should be audited to identify instances of the vulnerable "Simple Backup" plugin, which must be updated or removed without delay to prevent the compromise of sensitive server data and a potential full site takeover.