WordPress Backup Migration <= 1.3.6 - Path Traversal

WordPress Backup Migration plugin versions up to 1.3.6 contain a path traversal and file validation issue in handledownloading function, letting unauthenticated attackers download backup files containing sensitive information. id: CVE-2023-6266 info: name: WordPress Backup Migration = 1.3.6 - Pat...

WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload

WPvivid Backup & Migration plugin for WordPress = 0.9.123 contains an unauthenticated arbitrary file upload vulnerability caused by improper error handling in RSA decryption and lack of path sanitization, letting unauthenticated attackers upload arbitrary PHP files and achieve remote code executi...

EUVD-2026-36939

Unauthenticated Sensitive Data Exposure in Backup Migration = 2.1.1 versions...

CVE-2026-39480

Unauthenticated Sensitive Data Exposure in Backup Migration = 2.1.1 versions...

CVE-2026-39480

CVE-2026-39480 affects the WordPress plugin Backup Migration (versions

CVE-2026-39480 WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Backup Migration = 2.1.1 versions...

PT-2026-49381

Unauthenticated Sensitive Data Exposure in Backup Migration = 2.1.1 versions...

CVE-2025-12656

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the deletecancelstagingsite function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...

CVE-2026-7566 LearnPress – Backup & Migration Tool <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection via WXR XML File Upload

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

EUVD-2025-210080

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the deletecancelstagingsite function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...

WordPress plugin WPvivid Backup & Migration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-12656 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the deletecancelstagingsite function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...

WordPress LearnPress – Backup & Migration Tool plugin <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection vulnerability

Authenticated Administrator+ PHP Object Injection vulnerability discovered by Wannes Verwimp in WordPress Plugin LearnPress Export Import versions = 4.1.4...

Exploit for Code Injection in Backupbliss Backup_Migration

WordPressBackupMigration-RCEUnauth...

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 suffers information-disclosure: unauthenticated attackers can download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories via configuration files and logs to construct direct download URLs. No remediati...

WordPress plugin Backup Migration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-37001

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...