PT-2026-7851 · WordPress · Wordpress+1

Athiwat Tiprasaharn +2 · Published 2026-02-12 · Updated 2026-02-12 · CVE-2026-1104

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FastDup – Fastest WordPress Migration & Duplicator plugin versions up to 2.7.1

Description

The FastDup plugin for WordPress is affected by a flaw that allows unauthorized backup creation and download. This is due to a missing capability check on REST API endpoints. Authenticated attackers with Contributor-level access or higher can create and download full-site backup archives, including database exports and configuration files. The affected API endpoints are not explicitly specified, but the issue relates to REST API functionality. The vulnerability allows access to the entire WordPress installation data.

Recommendations

Versions prior to 2.7.1 should be updated to address this issue.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-1104

Affected Products

Fastdup
Wordpress