CVE-2021-47979

HIGH WAF: High

CVSS 8.8 Published: 2026-05-16

CWE-22

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted file_name and folder_name parameters to delete arbitrary files from the WordPress installation directory.

WAF Coverage Analysis

Path Traversal High WAF Coverage

OWASP: A01:2021 Broken Access Control

930xxx - Local File Inclusion

References

wordpress.org
www.exploit-db.com
www.miniorange.com
www.vulncheck.com

Back to CVE Database