CVE-2025-4222

Name of the Vulnerable Software and Affected Versions Database Toolset plugin for WordPress versions up to, and including, 1.8.4

Description The issue allows unauthenticated attackers to extract sensitive data from database backup files stored in a publicly accessible location. This is possible because an index file is present, although a brute force attack would be required to compromise any data.

Recommendations For Database Toolset plugin for WordPress versions up to, and including, 1.8.4, update to a version later than 1.8.4 to prevent sensitive information exposure. As a temporary workaround, consider restricting access to the backup files stored in publicly accessible locations to minimize the risk of exploitation.