CVE-2023-28165 MEDIUM

CVE-2023-28165: WordPress Backup Bank: WordPress Backup Plugin plugin <= 4.0.28 - Broken Access Control vulnerability

Vendor Tech Banker
Product Backup Bank: WordPress Backup Plugin
Weakness CWE-862 · Missing authorization
Published December 9, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28.

Key dates

02Disclosure timeline

December 9, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-28996 WordPress GPP Slideshow plugin <= 1.3.5 - Broken Access Control Vulnerability CVE-2026-1000 MailerLite - WooCommerce integration <= 3.1.3 - Missing Authorization to Data Deletion CVE-2023-28990 WordPress Viral Mag theme <= 1.0.9 - Authenticated Arbitrary Plugin Activation Vulnerability CVE-2026-35443 NamelessMC: Forum reactions bypass the "view own topics only" restriction CVE-2026-8239 Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/get_rating'