PT-2024-14919 · WordPress · Backup Migration

Rafshanzani Suhada

·

Published

2024-01-11

·

Updated

2025-12-18

·

CVE-2023-6266

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Backup Migration plugin for WordPress, versions up to and including 1.3.6

Description

The issue arises from insufficient path and file validation in the BMI_BACKUP case of the handle_downloading function. The handler serves the file named in the request without verifying that it is a backup archive located inside the plugin's backup directory, and without requiring authentication. This allows unauthenticated attackers to download backup files, potentially exposing sensitive information such as user passwords, personally identifiable information (PII), database credentials, and more.

Recommendations

For versions up to and including 1.3.6, update to a version higher than 1.3.6 to resolve the issue. If updating is not immediately possible, restrict access to the handle_downloading function (for example, with web-server access rules) as a temporary mitigation until the site can be updated. Because the flaw is reachable without authentication, also check web-server logs for requests to the download handler from unknown sources; if backup archives containing wp-config.php, database dumps or user tables may have been retrieved, rotate the database credentials and reset affected user passwords.
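The weak pattern the advisory describes, beside a hardened download handler, as an added illustration of the vulnerability class (this is example code written for this page, not the Backup Migration plugin's code). The helper names (`vulnerable_resolve`, `safe_download`, `rejects`, `make_fixture`), the `.zip` archive allowlist and the directory layout are assumptions for the example; the "secret" wp-config.php and the archive are constructed in a temporary directory so the script runs offline.

```python
"""Weak vs hardened backup-download resolution (added illustration of the
vulnerability class in this advisory; not the Backup Migration plugin's code).
All names and the directory layout are assumptions made for the example."""
import os
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".zip"}   # assumption: backups are shipped as .zip archives


class DownloadRejected(Exception):
    """Raised by the hardened handler for anything it will not serve."""


def make_fixture():
    """Constructed layout: wp-config.php (the secret) sits one level above the backup dir."""
    root = Path(tempfile.mkdtemp())
    (root / "wp-config.php").write_text("define('DB_PASSWORD', 'constructed-secret');\n")
    backups = root / "backups"
    backups.mkdir()
    (backups / "site-2024-01-11.zip").write_bytes(b"PK\x03\x04 constructed archive")
    try:
        # a symlink inside the backup dir that points outside it
        os.symlink(root / "wp-config.php", backups / "link.zip")
    except OSError:
        pass  # no symlink support here; that check is simply not exercised
    return root, backups


def vulnerable_resolve(backup_dir, requested):
    """The weak pattern: the caller-supplied name is joined onto the backup
    directory and served with no authentication, containment or type check.
    '../wp-config.php' walks out of the directory; an absolute path replaces it."""
    return Path(os.path.join(str(backup_dir), requested)).read_bytes()


def safe_download(backup_dir, requested, authorized):
    """Hardened handler: require authorization, accept only a bare file name,
    resolve symlinks before the containment test, and serve only backup archives."""
    if not authorized:
        raise DownloadRejected("download requires an authenticated, capable user")
    if not requested or Path(requested).name != requested or requested in {".", ".."}:
        raise DownloadRejected("backup name must be a bare file name")
    base = Path(backup_dir).resolve()
    candidate = (base / requested).resolve()   # follows symlinks
    if candidate.parent != base:
        raise DownloadRejected("resolved path is outside the backup directory")
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise DownloadRejected("only backup archives may be downloaded")
    if not candidate.is_file():
        raise DownloadRejected("no such backup")
    return candidate.read_bytes()


def rejects(backup_dir, requested, authorized=True):
    """True when the hardened handler refuses the request."""
    try:
        safe_download(backup_dir, requested, authorized)
    except DownloadRejected:
        return True
    return False


if __name__ == "__main__":
    root, backups = make_fixture()
    print(vulnerable_resolve(backups, "../wp-config.php"))          # the leak
    print(safe_download(backups, "site-2024-01-11.zip", authorized=True))
    for bad in ["../wp-config.php", "wp-config.php", "link.zip", str(root / "wp-config.php")]:
        print(bad, "rejected:", rejects(backups, bad))
```

The order of checks matters: the containment test runs on the resolved path, so a symlink dropped into the backup directory cannot point the handler at wp-config.php, and the suffix allowlist rejects a PHP file even when it legitimately sits inside the backup directory.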

Fix

Information Disclosure

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2023-6266

Affected Products

Backup Migration