What is CVE-2023-54346?

CVE-2023-54346 is a high-severity vulnerability in Backupbliss Wordpress Plugin Backup Migration, classified under Insertion of Sensitive Information into Externally-Accessible File or Directory. CVSS score: 7.5/10. Published 2026-05-05.

How severe is CVE-2023-54346?

High severity. CVSS v3 base score is 7.5 out of 10.

Information disclosure in Backupbliss Wordpress Plugin Backup Migration

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup direct…

EPSS: 0.001 (16.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Backupbliss Wordpress Plugin Backup Migration — versions 1.2.8

Weakness classification (CWE)

CWE-538 — Insertion of Sensitive Information into Externally-Accessible File or Directory

References

ExploitDB-51445 (exploit)
Official Product Homepage (product)
Product Reference (product)
VulnCheck Advisory: WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download (third-party-advisory)

Frequently asked questions

What is CVE-2023-54346?: CVE-2023-54346 is a high-severity vulnerability in Backupbliss Wordpress Plugin Backup Migration, classified under Insertion of Sensitive Information into Externally-Accessible File or Directory. CVSS score: 7.5/10. Published 2026-05-05.
How severe is CVE-2023-54346?: High severity. CVSS v3 base score is 7.5 out of 10.