CVE-2023-54346
WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download
| CVSS Score | 7.5 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.
| CWE | CWE-538 |
| Vendor | backupbliss |
| Product | wordpress plugin backup migration |
| Published | May 5, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | None |
| Availability | None |
Affected Versions
Backupbliss / WordPress Plugin Backup Migration
1.2.8
References
exploit-db.com: https://www.exploit-db.com/exploits/51445
backupbliss.com: https://backupbliss.com/
downloads.wordpress.org: https://downloads.wordpress.org/plugin/backup-backup.1.2.8.zip
vulncheck.com: https://www.vulncheck.com/advisories/wordpress-plugin-backup-migration-unauthenticated-database-backup-download
Credits
Wadeek