Vulnerabilities and security researches forbackup backup

May 05, 2025

PSC, Research URL: PSC-2025-64568
Home page URL: Security reports for JetBackup – WP Backup, Migrate & Restore
Application: JetBackup – WP Backup, Migrate & Restore
Date: May 05, 2025
Research Description: In the realm of WordPress site management,backup integrity and security are non-negotiable. Whether you're running a small blog or a full-fledged eCommerce platform, one of the most crucial components of your WordPress infrastructure is a reliable and secure backup solution. That’s where JetBackup shines — a powerful, comprehensive plugin designed to perform backups, restorations, migrations, and cloning with simplicity, efficiency, and now — certified security. As of version 3.1.7.9, JetBackup has officially passed thenPlugin Security Certification (PSC-2025-64568) issued by CleanTalk, confirming that its codebase adheres to strict security and coding standards. This certification provides peace of mind for site owners and administrators, verifying that JetBackup doesn't just offer robust functionality — it does so safely and responsibly. Whether you're downloading a local copy, uploading backups to the cloud, or performing emergency restorations, JetBackup ensures every operation is executed with integrity, transparency, and security at its core.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED

Jun 06, 2024

CVE, Research URL: CVE-2020-36667
Home page URL: Security reports for JetBackup – WP Backup, Migrate & Restore
Application: JetBackup – WP Backup, Migrate & Restore
Date: Mar 07, 2023
Research Description: The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24155
Home page URL: Security reports for JetBackup – WP Backup, Migrate & Restore
Application: JetBackup – WP Backup, Migrate & Restore
Date: Apr 06, 2021
Research Description: The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2017-18488
Home page URL: Security reports for JetBackup – WP Backup, Migrate & Restore
Application: JetBackup – WP Backup, Migrate & Restore
Date: Aug 13, 2019
Research Description: The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2017-10837
Home page URL: Security reports for JetBackup – WP Backup, Migrate & Restore
Application: JetBackup – WP Backup, Migrate & Restore
Date: Aug 29, 2017
Research Description: Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2020-36669
Home page URL: Security reports for JetBackup – WP Backup, Migrate & Restore
Application: JetBackup – WP Backup, Migrate & Restore
Date: Mar 07, 2023
Research Description: The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-34148
Home page URL: Security reports for JetBackup – WP Backup, Migrate & Restore
Application: JetBackup – WP Backup, Migrate & Restore
Date: Mar 15, 2023
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2020-36668
Home page URL: Security reports for JetBackup – WP Backup, Migrate & Restore
Application: JetBackup – WP Backup, Migrate & Restore
Date: Mar 07, 2023
Research Description: The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-7165
Home page URL: Security reports for JetBackup – WP Backup, Migrate & Restore
Application: JetBackup – WP Backup, Migrate & Restore
Date: Feb 27, 2024
Research Description: The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.
Affected versions: Min -, max -.
Status: vulnerable