cleantalk
Vulnerabilities and Security Researches

FastDup – Fastest WordPress Migration & Duplicator, CVE-2026-1104

CVE, Research URL

CVE-2026-1104

Home page URL

Security reports for FastDup – Fastest WordPress Migration & Duplicator

Application

FastDup – Fastest WordPress Migration & Duplicator

Published on
Feb 12, 2026
Research Description
The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create and download full-site backup archives containing the entire WordPress installation, including database exports and configuration files.
Affected versions
max 2.7.2.
Status
vulnerable
Previous vulnerability researches
Video & Photo Gallery for Ultimate Member (CVE-2025-32121) , Apr 06, 2025
Video & Photo Gallery for Ultimate Member (CVE-2024-12162) , Dec 13, 2024
Video & Photo Gallery for Ultimate Member (CVE-2024-54370) , Dec 18, 2024
Video & Photo Gallery for Ultimate Member (CVE-2025-22672) , Feb 20, 2025
BuddyForms Ultimate Member (893cfcf44e3c079784f666e461a667cb4f6e2761) , Jun 06, 2024
New vulnerability
Name Directory (CVE-2026-1866) , Apr 15, 2026
Name Directory (CVE-2026-3178) , Apr 15, 2026
Online Ordering System For Restaurants & Local Retail by Orderable (CVE-2026-0974) , Apr 15, 2026
Geo Mashup (CVE-2026-2416) , Apr 15, 2026
InteractiveCalculator for WordPress (CVE-2026-1807) , Apr 15, 2026