High severity 7.5 · NVD Advisory · Published Jan 11, 2024 · Updated Apr 8, 2026
CVE-2023-6266
Description
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more.
Affected products
- cpe:2.3:a:backupbliss:backup_migration:*:*:*:*:*:wordpress:*:* (Range: <=1.3.6)
Patches
No patches discovered yet.
References
- www.wordfence.com/threat-intel/vulnerabilities/id/08801f53-3c57-41a3-a637-4b52637cc612 (nvd, Third Party Advisory)
- plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.5/includes/initializer.php (nvd, Issue Tracking)
- plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/initializer.php (nvd, Issue Tracking)