CVE-2023-54346
Information Disclosure in Backup Migration WordPress Plugin
Publication date: 2026-05-05
Last updated on: 2026-05-05
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wp_backup_migration | backup_migration | 1.2.8 |
| backup_migration | backup_migration | 1.2.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-538 | The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in WordPress Plugin Backup Migration 1.2.8 allows unauthenticated attackers to download complete database backups containing sensitive data by accessing predictable file paths. This unauthorized disclosure of sensitive information can lead to violations of data protection regulations such as GDPR and HIPAA, which require strict controls over the confidentiality and security of personal and health-related data.
Because attackers can retrieve full database dumps without authentication, organizations using this plugin may fail to meet compliance requirements related to data confidentiality, access controls, and breach prevention. This exposure increases the risk of regulatory penalties and damages trust with users whose data is compromised.
Can you explain this vulnerability to me?
The WordPress Plugin Backup Migration version 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups.
This happens because the plugin stores sensitive backup files in predictable locations. Attackers can enumerate backup directories by accessing configuration files and logs, then construct direct download URLs to retrieve full database dumps without needing any authentication.
How can this vulnerability impact me?
This vulnerability can lead to significant unauthorized data exposure since attackers can download complete database backups containing sensitive information.
Because the attack requires no authentication and the backup files are stored in predictable locations, it poses a high risk of confidential data leakage, potentially compromising the privacy and security of the website and its users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of backup files stored in predictable locations by the Backup Migration plugin version 1.2.8. Attackers exploit configuration files and logs to enumerate backup directories and download database backups without authentication.
To detect this on your system, you can attempt to access known or predictable backup file paths directly via HTTP requests to see if database backup files are accessible without authentication.
- Use curl or wget commands to test access to common backup file URLs, for example: curl -I http://yourwordpresssite.com/wp-content/uploads/backup-migration/backup.sql
- Search your web server directories for backup files, for example: find /var/www/html/ -type f \( -name '*.sql' -o -name '*.zip' \)
- Review web server access logs for unusual requests to backup directories or files.
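The log review in the last bullet, as an added example that is not part of this advisory: a Python script that parses combined-format access logs and reports backup archives actually served from the plugin's upload directory, plus a per-client count of requests into that directory. The directory is taken from the curl example above; the archive extensions and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'
                    r' [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')
# Directory taken from the advisory's curl example; the archive extensions are an assumption.
BACKUP_DIR = "/wp-content/uploads/backup-migration/"
BACKUP_EXTS = (".sql", ".sql.gz", ".zip", ".tar", ".tar.gz")

# Constructed sample: one client probes the backup directory and is served two archives.
SAMPLE_LOG = """\
203.0.113.7 - - [05/May/2026:10:01:02 +0000] "GET /wp-content/uploads/backup-migration/ HTTP/1.1" 403 199 "-" "curl/8.5"
203.0.113.7 - - [05/May/2026:10:01:05 +0000] "GET /wp-content/uploads/backup-migration/backup.sql HTTP/1.1" 200 5242880 "-" "curl/8.5"
198.51.100.4 - - [05/May/2026:10:02:11 +0000] "GET /wp-content/uploads/2026/05/logo.png HTTP/1.1" 200 12345 "-" "Mozilla/5.0"
203.0.113.7 - - [05/May/2026:10:03:40 +0000] "HEAD /wp-content/uploads/backup-migration/site-backup.zip?x=1 HTTP/1.1" 200 0 "-" "curl/8.5"
"""

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["status"] = int(d["status"])
    d["size"] = 0 if d["size"] == "-" else int(d["size"])
    d["path"] = d["path"].split("?", 1)[0]  # ignore query strings when matching paths
    return d

def find_backup_downloads(lines):
    """Entries where a backup archive in the plugin directory was served (2xx GET/HEAD)."""
    hits = []
    for d in map(parse_line, lines):
        if (d and d["method"] in ("GET", "HEAD") and d["path"].startswith(BACKUP_DIR)
                and d["path"].endswith(BACKUP_EXTS) and 200 <= d["status"] < 300):
            hits.append(d)
    return hits

def probes_by_ip(lines):
    """Count every request into the backup directory per client, served or refused."""
    counts = Counter(d["ip"] for d in map(parse_line, lines)
                     if d and d["path"].startswith(BACKUP_DIR))
    return dict(counts)

if __name__ == "__main__":
    for h in find_backup_downloads(SAMPLE_LOG.splitlines()):
        print(f"{h['ts']} {h['ip']} served {h['path']} ({h['size']} bytes)")
    print("requests into backup dir:", probes_by_ip(SAMPLE_LOG.splitlines()))
```

A 403 on the directory followed by a 200 on an archive inside it means the directory listing is blocked but the files themselves are not, which is exactly the exposure the .htaccess rule in the mitigation section must cover.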
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to backup directories and files to prevent unauthenticated downloads.
- Remove or secure any existing backup files stored in predictable locations.
- Apply access controls such as .htaccess rules or web server configurations to restrict access to backup directories.
- Update or patch the Backup Migration plugin to a version that addresses this vulnerability if available.
- Monitor your web server logs for unauthorized access attempts to backup files.