PT-2025-47884 · WordPress · Backup Migration
Ymmfty0
·
Published
2025-11-24
·
Updated
2025-11-24
·
CVE-2025-12394
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Backup Migration WordPress plugin versions prior to 2.0.0
Description
The Backup Migration WordPress plugin does not correctly create its backup path under specific server setups. This allows users without authorization to access a log file that reveals the backup filename. Subsequently, the backup archive can be downloaded without authentication.
Recommendations
Update the Backup Migration WordPress plugin to version 2.0.0 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Backup Migration