8.7
CVE-2023-54346
- EPSS 0.31%
- Veröffentlicht 05.05.2026 12:16:17
- Zuletzt bearbeitet 05.05.2026 19:47:57
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerBackupbliss
≫
Produkt
WordPress Plugin Backup Migration
Version
1.2.8
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.225 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| disclosure@vulncheck.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
https://backupbliss.com/
https://downloads.wordpress.org/plugin/backup-backup.1.2.8.zip
https://www.exploit-db.com/exploits/51445
https://www.vulncheck.com/advisories/wordpress-plugin-backup-migration-unauthenticated-database-backup-download