cleantalk
Vulnerabilities and Security Researches

JetBackup – WP Backup, Migrate & Restore, CVE-2020-36667

CVE, Research URL

CVE-2020-36667

Home page URL

Security reports for JetBackup – WP Backup, Migrate & Restore

Application

JetBackup – WP Backup, Migrate & Restore

Published on
Mar 07, 2023
Research Description
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.
Affected versions
Min -, max 2.0.9.9.
Status
vulnerable
Previous vulnerability researches
Backup Bolt (CVE-2023-7236) , Jun 10, 2024
Backup Bolt (bc0c1fa51c016cd29c9a4fcba7b97da23cfc4c93) , Jun 11, 2024
SK WP Settings Backup (CVE-2024-52415) , Nov 17, 2024
1-Click Backup & Restore Database (CVE-2025-32246) , Apr 06, 2025
WordPress SQL Backup (CVE-2025-30608) , Mar 27, 2025
New vulnerability
Tainacan (CVE-2025-47512) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-4223) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
miniOrange Discord Integration (CVE-2025-47672) , May 25, 2025
4stats (CVE-2025-3869) , May 24, 2025