GCVE - cpe:2.3:a:webtoffee:backup_and_migration:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:webtoffee:backup_and_migration:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Webtoffee (`e4f96395-4c7d-5ae2-a626-a2bd0042f0d9`)
Product	Backup And Migration (`7ae9a360-8afe-5693-acc9-ac86c02b5ebe`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-3546`	vulnerable	2026-06-03 14:56:24.659259	WordPress Backup & Migration <= 1.4.8 - Missing Authorization to Directory Traversal MEDIUM (4.3) The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above, to invoke this function and access log files maintained by the plugin. Additionally, the file name is user-provided and not properly sanitized, which allows attackers to read arbitrary log files on the file system. Published: 2024-05-02T16:51:57.352Z Updated: 2026-04-08T16:45:31.512Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/339c4eba-fa34-4db6-be4b-bcf0ba98121a?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3073573%40wp-migration-duplicator%2Ftrunk&old=3049128%40wp-migration-duplicator%2Ftrunk&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-31254`	vulnerable	2026-06-03 14:55:39.321966	WordPress WordPress Backup & Migration plugin <= 1.4.7 - Sensitive Data Exposure via Log File vulnerability LOW (3.7) Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.7. Published: 2024-04-10T15:45:11.886Z Updated: 2026-04-28T16:09:29.111Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/wp-migration-duplicator/wordpress-wordpress-backup-migration-plugin-1-4-7-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-5738`	vulnerable	2026-06-03 14:53:49.478508	WordPress Backup & Migration < 1.4.5 - Subscriber+ Stored XSS The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. Published: 2023-11-27T16:22:04.717Z Updated: 2024-08-02T08:07:32.600Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/7f935916-9a1a-40c7-b6d8-efcc46eb8eaf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-5737`	vulnerable	2026-06-03 14:53:49.478024	WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. Published: 2023-11-27T16:22:02.521Z Updated: 2024-08-02T08:07:32.645Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/c761c67c-eab8-4e1b-a332-c9a45e22bb13	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Backup And Migration

PURL mappings

Vulnerability references

Contribute