WordPress Plugin Backup Migration Information Disclosure Vulnerability Allowing Unauthenticated Database Backup Downloads

Vulnerability

A vulnerability in the WordPress Plugin Backup Migration, specifically version 1.2.8, allows unauthenticated attackers to access and download complete database backups. This information disclosure issue arises from predictable file paths that can be exploited. Attackers can enumerate backup directories using configuration files and log files, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.

Impact

Exploitation of this vulnerability leads to unauthorized access to database backups, which may contain sensitive information.

Reproduction

To reproduce this vulnerability, first verify that WordPress Plugin Backup Migration version 1.2.8 is installed. Then, access the plugin's configuration file to find the backup directory path. Next, check the complete logs file to identify the names of the backup archives. Finally, construct the download URL using the backup directory path and the archive name to download the database backup.
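The sequence described above (config file read, then log file read, then archive download) can be looked for in web server access logs. The following is an added example, not code from the advisory or the plugin. The file paths, patterns and log lines are constructed placeholders, since the advisory does not name the real files, and the 30-minute correlation window is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common/combined log format: host ident user [time] "METHOD path proto" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed placeholder patterns, in the order the advisory describes.
# Replace them with the real config, log and archive locations on your install.
STAGES = [
    ("config", re.compile(r"^/wp-content/example-backup-dir/settings\.example$")),
    ("log", re.compile(r"^/wp-content/example-backup-dir/run-log\.example$")),
    ("archive", re.compile(r"^/wp-content/example-backup-dir/[^/]+\.zip$")),
]

def find_backup_harvesting(lines, stages=STAGES, window=timedelta(minutes=30)):
    """Return {client_ip: [archive paths]} for clients that successfully
    fetched the config file, then the log file, then a backup archive."""
    progress = {}              # ip -> (index of next expected stage, start time)
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "200":   # only successful reads disclose data
            continue
        path = m["path"].split("?", 1)[0]
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        idx, start = progress.get(m["ip"], (0, when))
        if when - start > window:           # stale sequence: start over
            idx, start = 0, when
        if stages[idx][1].search(path):
            idx += 1
            if idx == len(stages):          # archive served after config + log
                hits[m["ip"]].append(path)
                idx -= 1                    # keep counting further archives
            progress[m["ip"]] = (idx, start)
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/May/2026:12:00:01 +0000] "GET /wp-content/example-backup-dir/settings.example HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.9 - - [05/May/2026:12:00:05 +0000] "GET /wp-content/example-backup-dir/settings.example HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [05/May/2026:12:00:06 +0000] "GET /wp-content/example-backup-dir/run-log.example HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.4 - - [05/May/2026:12:00:07 +0000] "GET /wp-content/example-backup-dir/site-backup-example.zip HTTP/1.1" 403 0 "-" "-"',
    '203.0.113.7 - - [05/May/2026:12:00:09 +0000] "GET /wp-content/example-backup-dir/site-backup-example.zip HTTP/1.1" 200 7340032 "-" "-"',
]

if __name__ == "__main__":
    for ip, paths in find_backup_harvesting(SAMPLE_LOG).items():
        print(f"ALERT {ip} downloaded {len(paths)} backup archive(s): {paths}")
```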

Added: May 5, 2026, 12:45 PM
Updated: May 5, 2026, 12:45 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 9.7
remediation: 0.0
relevance: 7.5
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.