CVE-2026-4030

Name of the Vulnerable Software and Affected Versions Database Backup for WordPress versions prior to 2.5.3

Description The plugin allows unauthenticated attackers to read and delete arbitrary files on the server, which can lead to sensitive information exposure and potential site takeover. This occurs because the plugin fails to properly enforce the return value of its authorization check and uses a user-controlled backup directory parameter. This issue is only exploitable in WordPress Multisite environments where the deprecated is site admin() function is present.

Recommendations Update to a version later than 2.5.2.