PT-2025-18210 · Yeswiki · Yeswiki

Pizza-Power · Published 2025-04-29 · Updated 2025-04-30 · CVE-2025-46348

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

YesWiki versions prior to 4.5.4

Description

The issue allows a malicious user to create and download site backups without authentication. An attacker could make numerous requests to create archives and fill up the file system, or download an archive, which contains sensitive site information. The request to start a site backup can be made without authentication, and the resulting archive can be downloaded without authentication because the archives use a predictable filename.

Recommendations

For versions prior to 4.5.4, update to version 4.5.4 to resolve the issue. As a temporary workaround, consider restricting access to the site backup functionality until the update is applied.

Exploit

Fix

Weakness Enumeration

Improper Authentication
Missing Authorization

Related Identifiers

CVE-2025-46348
GHSA-WC9G-6J9W-HR95

Affected Products

Yeswiki