The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated malicious users to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
backupbliss backup migration |