CVE-2024-12330

Name of the Vulnerable Software and Affected Versions WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress versions up to, and including, 7.3

Description The issue allows unauthenticated attackers to extract sensitive data, including all information stored in the database, via publicly accessible back-up files. This is a case of Sensitive Information Exposure.

Recommendations For versions up to, and including, 7.3, update to a version that fixes the Sensitive Information Exposure issue to prevent unauthenticated attackers from accessing sensitive data. As a temporary workaround, consider restricting access to publicly accessible back-up files until a patch is available.