cleantalk
Vulnerabilities and Security Researches

JetBackup – WP Backup, Migrate & Restore, CVE-2020-36669

CVE, Research URL

CVE-2020-36669

Home page URL

Security reports for JetBackup – WP Backup, Migrate & Restore

Application

JetBackup – WP Backup, Migrate & Restore

Published on
Mar 07, 2023
Research Description
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 1.4.1.
Status
vulnerable
Previous vulnerability researches
Backup Bolt (CVE-2023-7236) , Jun 10, 2024
Backup Bolt (bc0c1fa51c016cd29c9a4fcba7b97da23cfc4c93) , Jun 11, 2024
SK WP Settings Backup (CVE-2024-52415) , Nov 17, 2024
1-Click Backup & Restore Database (CVE-2025-32246) , Apr 06, 2025
WordPress SQL Backup (CVE-2025-30608) , Mar 27, 2025
New vulnerability
Tainacan (CVE-2025-47512) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-4223) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
miniOrange Discord Integration (CVE-2025-47672) , May 25, 2025
4stats (CVE-2025-3869) , May 24, 2025