CVE-2026-9834
The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin (WordPress) is vulnerable to OS Command Injection in all versions up to 7.11 via the wp_db_exclude_table parameter. The root cause is direct concatenation of user-supplied $_POST['wp_db_exclude_table'] values into ...