cleantalk
Vulnerabilities and Security Researches

Backup Migration, CVE-2023-6266

CVE, Research URL

CVE-2023-6266

Home page URL

Security reports for Backup Migration

Application

Backup Migration

Published on
Jan 11, 2024
Research Description
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more.
Affected versions
max 1.3.7.
Status
vulnerable
Previous vulnerability researches
Backup Migration , Apr 23, 2026
Backup Migration (CVE-2025-12394) , Dec 10, 2025
Backup Migration (CVE-2026-39480) , Apr 27, 2026
Backup Migration (CVE-2024-10932) , Jan 05, 2025
Backup Migration (CVE-2023-38514) , Jan 05, 2025
New vulnerability
IDPay Payment Gateway for Woocommerce (CVE-2026-34891) , Apr 27, 2026
Doppler Forms (CVE-2025-9544) , Apr 27, 2026
Acclectic Media Organizer (CVE-2025-48326) , Apr 27, 2026
Contact Form 7 reCAPTCHA (CVE-2025-8280) , Apr 27, 2026
Backup Migration (CVE-2026-39480) , Apr 27, 2026