"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3
Critical: 0
High: 3
Medium: 0
Showing 1-3 of 3 records
Threat Entry Updated 2026-05-14

CVE-2026-4030 - Wp Db Backup Plugin

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup directory parameter. This makes it possible for unauthenticated attackers to read and delete arbitrary files on the server, leading to Sensitive Information Exposure and potential site takeover. Note: This vulnerability is only exploitable in WordPress Multisite environments where the deprecated is_site_admin() function exists.

PLUGIN Wp Db Backup

CVE-2026-4030

HIGH CVSS 8.1 2026-05-14

Threat Entry Updated 2026-05-14

CVE-2026-4031 - Wp Db Backup Plugin

The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wp_db_temp_dir parameter, which controls where database backups are written. This makes it possible for unauthenticated attackers to send a request to wp-cron.php with a poisoned wp_db_temp_dir value pointing to a publicly accessible directory (e.g., wp-content/uploads/), and if a scheduled backup is due, intercept the backup file before it is cleaned up. The backup file has a predictable name…

PLUGIN Wp Db Backup

CVE-2026-4031

HIGH CVSS 7.5 2026-05-14

Threat Entry Updated 2026-05-14

CVE-2026-4029 - Wp Db Backup Plugin

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to export database tables, leading to Sensitive Information Exposure. Note: This vulnerability is only exploitable in WordPress Multisite environments where the deprecated is_site_admin() function exists.

PLUGIN Wp Db Backup

CVE-2026-4029

HIGH CVSS 7.5 2026-05-14