FastDup WordPress Plugin Missing Authorization Vulnerability in Backup Creation and Download

Vulnerability

A vulnerability exists in the FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress, specifically in versions through 2.7.1. The issue arises from a lack of proper capability checks on REST API endpoints, allowing authenticated attackers with Contributor-level access and above to create and download full-site backup archives. These backups include the entire WordPress installation, database exports, and configuration files.

Impact

Exploitation of this vulnerability allows for unauthorized backup creation and download, giving access to sensitive site data, including database contents and configuration files.

Remediation

Users are advised to update the FastDup WordPress plugin to version 2.7.2 or a newer patched version.
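
The class of flaw described above, shown as a weak and a hardened permission_callback on WordPress REST routes. This is an added illustration, not FastDup's code: the example-backup/v1 namespace, both routes and all example_* functions are hypothetical, and the weak check is an assumed pattern consistent with Contributor-level access, not the plugin's confirmed source. It assumes it is loaded inside WordPress (for example as a must-use plugin).

```php
<?php
// Added illustration, not FastDup's code. Namespace, routes and example_*
// functions are hypothetical placeholders.

// Hypothetical handlers standing in for archive creation and download.
function example_create_archive( WP_REST_Request $request ) {
    return rest_ensure_response( array( 'status' => 'queued' ) );
}
function example_download_archive( WP_REST_Request $request ) {
    return rest_ensure_response( array( 'id' => (int) $request['id'] ) );
}

// WEAK (assumed pattern): 'edit_posts' is granted to Contributors, so any
// Contributor or higher role passes and reaches the backup handlers.
function example_weak_permission() {
    return current_user_can( 'edit_posts' );
}

// HARDENED: require an administrator-only capability. Returning WP_Error
// makes the REST server answer 403 before the handler ever runs.
function example_strict_permission() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to manage backups.',
            array( 'status' => 403 )
        );
    }
    return true;
}

add_action( 'rest_api_init', function () {
    // Creation and download both expose site data, so both routes carry the
    // same strict check; guarding only one leaves the other reachable.
    register_rest_route( 'example-backup/v1', '/archive', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_create_archive',
        'permission_callback' => 'example_strict_permission',
    ) );
    register_rest_route( 'example-backup/v1', '/archive/(?P<id>\d+)', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_download_archive',
        'permission_callback' => 'example_strict_permission',
    ) );
} );
```

When reviewing a plugin for this pattern, check the permission_callback of every route that creates, lists or serves archives, not only the one that starts the backup.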

Added: Feb 12, 2026, 4:13 PM
Updated: Feb 12, 2026, 4:13 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 6.1
remediation: 7.7
relevance: 3.0
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.