Medium severity5.9NVD Advisory· Published Nov 24, 2025· Updated Apr 15, 2026
CVE-2025-12394
CVE-2025-12394
Description
The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.0.0
- Range: <2.0.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.