Description

The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the 'task'. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. This only affects instances running PHP 7.1 or older.

INFO

Published Date :

2025-09-30T03:35:27.453Z

Last Modified :

2026-04-08T17:04:10.697Z

Source :

Wordfence
AFFECTED PRODUCTS

The following products are affected by CVE-2025-9993 vulnerability.

Vendors Products
D3rd4v1d
  • Bei Fen
Wordpress
  • Wordpress

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact