CVE-2026-42760

CVE-2026-42760 concerns the WordPress plugin “Backup and Staging by WP Time Capsule” (revmakx) where the vulnerability enables an authentication bypass via an alternate path or channel, enabling password-recovery exploitation. Affected: wp-time-capsule plugin versions from n/a up to and including...

CVE-2026-42760 WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.25 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...

EUVD-2026-32208

Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...

CVE-2021-47979

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

CVE-2021-47979

CVE-2021-47979 affects WordPress Plugin Backup and Restore 1.0.3. An arbitrary file deletion vulnerability exists in which authenticated attackers can delete arbitrary files by crafting file_name and folder_name parameters in POST requests to admin-ajax.php, enabling file system modification with...

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 suffers information-disclosure: unauthenticated attackers can download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories via configuration files and logs to construct direct download URLs. No remediati...

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2026-3143

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

CVE-2026-3143

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

CVE-2026-3143 Total Upkeep <= 1.17.1 - Missing Authorization to Unauthenticated Rollback Cancellation

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

EUVD-2026-26502

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

WordPress Royal WordPress Backup & Restore Plugin plugin <= 1.0.16 - Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter vulnerability

Reflected Cross-Site Scripting via 'wprpendingtemplate' Parameter vulnerability discovered by Abi Wiranata in WordPress Plugin Royal WordPress Backup, Restore & Migration versions = 1.0.16...

Exploit for Code Injection in Backupbliss Backup_Migration

🔥 CVE-2023-6553 — WordPress Backup Migration RCE Unauthen...

WordPress plugin Royal WordPress Backup & Restore Plugin 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-31848

Name of the Vulnerable Software and Affected Versions The Royal WordPress Backup & Restore Plugin versions up to and including 1.0.16 Description The Royal WordPress Backup & Restore Plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the wpr pending template parameter d...

WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by ch4r0n in WordPress Plugin Backup Migration versions = 2.1.1...

WordPress Backup Migration 1.3.7 - Remote Command Execution

Exploit Title: WordPress Backup Migration 1.3.7 - Remote Command Execution Date: 2025-10-26 Exploit Author: DANG Vendor Homepage: https://backupbliss.com/ Software Link: https://wordpress.org/plugins/backup-backup/ Version: Backup Migration ≤1.3.7 Tested on: LINUX CVE : CVE-2023-6553 This module...

CVE-2025-15041

The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the savesiteoption function in all versions up to, and including, 5.6.2. This makes it possible for...

WordPress Backup Migration plugin <= 1.3.9 - Authenticated (Admin+) OS Command Injection via url vulnerability

Authenticated Admin+ OS Command Injection via url vulnerability discovered by Françoa Taffarel in WordPress Plugin Backup Migration versions = 1.3.9...

PT-2026-6629

Your WordPress backup plugin just leaked your entire database. 💀 CVE-2026-11200 is live. If you're using UpdraftPlus or similar, check your versions NOW. This is why we moved everything to infrastructure-level JetBackup. Full technical breakdown on why your "safety net" is actually a trap:...