cleantalk
Vulnerabilities and Security Researches

Backup Migration, CVE-2023-6972

CVE, Research URL

CVE-2023-6972

Home page URL

Security reports for Backup Migration

Application

Backup Migration

Published on
Dec 23, 2023
Research Description
The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
Affected versions
max 1.4.0.
Status
vulnerable
Previous vulnerability researches
Backup Migration , Apr 23, 2026
Backup Migration (CVE-2025-12394) , Dec 10, 2025
Backup Migration (CVE-2026-39480) , Apr 27, 2026
Backup Migration (CVE-2024-10932) , Jan 05, 2025
Backup Migration (CVE-2023-38514) , Jan 05, 2025
New vulnerability
IDPay Payment Gateway for Woocommerce (CVE-2026-34891) , Apr 27, 2026
Doppler Forms (CVE-2025-9544) , Apr 27, 2026
Acclectic Media Organizer (CVE-2025-48326) , Apr 27, 2026
Contact Form 7 reCAPTCHA (CVE-2025-8280) , Apr 27, 2026
Backup Migration (CVE-2026-39480) , Apr 27, 2026