PT-2025-29897 · Alone +1

Trương Hữu Phúc +1

Published: 2025-07-17 · Updated: 2025-07-22

CVE-2025-5396 · CVSS v3.1 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Bears Backup versions prior to 2.0.1

Description: The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to and including 2.0.0. This is due to the bbackup_ajax_handle() function lacking capability checks and proper validation of user-supplied input, which is directly passed to call_user_func(). This allows unauthenticated attackers to execute code on the server, potentially enabling them to inject backdoors or create new administrative user accounts. On WordPress sites using the Alone theme version 7.8.4 and older, this issue can be chained with another vulnerability to install the Bears Backup plugin and achieve the same impact.

Recommendations: Update to Bears Backup version 2.0.1 or later.
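The description names two missing controls, a capability check and validation of the value handed to call_user_func(). The handler below is an added illustration of the corrected pattern; it is not Bears Backup's code nor the 2.0.1 fix, and every function, hook and field name prefixed `example_` is an assumption.

```php
<?php
// Added illustration of the fix pattern for CVE-2025-5396 (not the plugin's
// actual code). All example_* names and the 'action_name' field are assumed.

// The request selects a key in this allowlist, never a function name, so
// call_user_func() can no longer be steered by user-supplied input.
function example_bbackup_allowed_actions() {
    return array(
        'list_backups'  => 'example_bbackup_list_backups',
        'create_backup' => 'example_bbackup_create_backup',
    );
}

function example_bbackup_ajax_handle() {
    // 1. Request authenticity: reject calls without a valid nonce for this action.
    check_ajax_referer( 'example_bbackup_nonce', 'security' );

    // 2. Authorization: the vulnerable handler had no capability check at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input validation: normalise the requested action and require it to be allowlisted.
    $action  = isset( $_POST['action_name'] ) ? sanitize_key( wp_unslash( $_POST['action_name'] ) ) : '';
    $allowed = example_bbackup_allowed_actions();
    if ( '' === $action || ! isset( $allowed[ $action ] ) ) {
        wp_send_json_error( array( 'message' => 'Unknown action.' ), 400 );
    }

    // 4. Dispatch only a plugin-defined callable chosen by the allowlist.
    wp_send_json_success( call_user_func( $allowed[ $action ] ) );
}

function example_bbackup_list_backups() {
    $dir   = trailingslashit( wp_upload_dir()['basedir'] ) . 'example-bbackup';
    $files = glob( $dir . '/*.zip' );
    return array( 'backups' => array_map( 'basename', $files ? $files : array() ) );
}

function example_bbackup_create_backup() {
    // Queue the (assumed) backup job rather than running it inside the request.
    wp_schedule_single_event( time(), 'example_bbackup_run' );
    return array( 'status' => 'scheduled' );
}

// Register the authenticated hook only. Adding a wp_ajax_nopriv_ variant is what
// exposes a privileged handler to unauthenticated callers.
add_action( 'wp_ajax_example_bbackup', 'example_bbackup_ajax_handle' );
```

When reviewing a plugin for this class of bug, the three things to look for are a `wp_ajax_nopriv_` registration, the absence of `current_user_can()` in the handler, and any callable built from request data.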

Classification: Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-5396

Affected Products: Alone, Bears Backup