cleantalk
Vulnerabilities and Security Researches

JetBackup – WP Backup, Migrate & Restore, CVE-2020-36668

CVE, Research URL

CVE-2020-36668

Home page URL

Security reports for JetBackup – WP Backup, Migrate & Restore

Application

JetBackup – WP Backup, Migrate & Restore

Published on
Mar 07, 2023
Research Description
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information.
Affected versions
Min -, max 1.4.1.
Status
vulnerable
Previous vulnerability researches
Backup Bolt (CVE-2023-7236) , Jun 10, 2024
Backup Bolt (bc0c1fa51c016cd29c9a4fcba7b97da23cfc4c93) , Jun 11, 2024
SK WP Settings Backup (CVE-2024-52415) , Nov 17, 2024
1-Click Backup & Restore Database (CVE-2025-32246) , Apr 06, 2025
WordPress SQL Backup (CVE-2025-30608) , Mar 27, 2025
New vulnerability
Tainacan (CVE-2025-47512) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-4223) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
miniOrange Discord Integration (CVE-2025-47672) , May 25, 2025
4stats (CVE-2025-3869) , May 24, 2025