CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

CVSS 8.7 HIGHEPSS 0.3%CWE-538

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Backupbliss · WordPress Plugin Backup Migration

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/51445unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://backupbliss.com/https://downloads.wordpress.org/plugin/backup-backup.1.2.8.zip https://www.exploit-db.com/exploits/51445 https://www.vulncheck.com/advisories/wordpress-plugin-backup-migration-unauthenticated-database-backup-download