CVE-2023-54346 HIGH

CVE-2023-54346: WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

Vendor Backupbliss

Product WordPress Plugin Backup Migration

Weakness CWE-538

Published May 5, 2026

Last update May 6, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.

Key dates

Disclosure timeline

May 5, 2026 CVE published

May 6, 2026 Record updated