Volerion logoVolerion
Volerion logoVolerion

Database Backup for WordPress Missing Authorization Vulnerability Allowing Unauthenticated Database Export

Vulnerability

A vulnerability exists in the Database Backup for WordPress plugin, specifically in versions through 2.5.2. The issue arises from inadequate authorization checks, enabling unauthenticated users to export database tables. This flaw leads to the exposure of sensitive information. The vulnerability is exploitable only in WordPress Multisite environments where the deprecated is_site_admin() function is available.

Impact

Exploitation of this vulnerability allows for unauthorized database exports, potentially leading to the exposure of sensitive information.

Reproduction

The vulnerability can be reproduced by sending a request to the database backup export feature without proper authentication. In a WordPress Multisite environment, this can be done by a user who is not a site administrator.

Remediation

Users are advised to update the Database Backup for WordPress plugin to version 2.5.3 or later.

Added: May 14, 2026, 1:23 PM
Updated: May 14, 2026, 1:23 PM

Vulnerability Rating

Custom Algorithm
spread
3.4
impact
2.5
exploitability
8.2
remediation
7.7
relevance
8.3
threat
4.8
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.