CVE-2026-4031— Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Backup Interception
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-4031
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Backup Interception
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wp_db_temp_dir parameter, which controls where database backups are written. This makes it possible for unauthenticated attackers to send a request to wp-cron.php with a poisoned wp_db_temp_dir value pointing to a publicly accessible directory (e.g., wp-content/uploads/), and if a scheduled backup is due, intercept the backup file before it is cleaned up. The backup file has a predictable name based on the database name, table prefix, date, and Swatch Internet Time, making interception reliable. Successful exploitation leads to Sensitive Information Exposure including database credentials, user password hashes, and personally identifiable information. This vulnerability requires that the site administrator has configured scheduled backups.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| wpengine | Database Backup for WordPress | 0 ~ 2.5.2 | - |
II. Public POCs for CVE-2026-4031
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-4031
请登录查看更多情报信息。
Same Patch Batch · wpengine · 2026-05-14 · 3 CVEs total
| CVE-2026-4030 | 8.1 HIGH | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrar |
| CVE-2026-4029 | 7.5 HIGH | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database |
IV. Related Vulnerabilities
Same product: Database Backup for WordPress
- CVE-2026-4029
Database Backup for WordPress <= 2.5.2 - Missing Authorizati - CVE-2026-4030
Database Backup for WordPress <= 2.5.2 - Missing Authorizati - CVE-2022-1577
Database Backup for WordPress < 2.5.2 - Arbitrary Schedule S - CVE-2022-0255
Database Backup for WordPress < 2.5.1 - Admin+ SQL Injection - CVE-2021-24322
Database Backup for WordPress < 2.4 - Authenticated Persiste
Same vendor: wpengine
- CVE-2026-4029
Database Backup for WordPress <= 2.5.2 - Missing Authorizati - CVE-2026-4030
Database Backup for WordPress <= 2.5.2 - Missing Authorizati - CVE-2026-4812
Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Mis - CVE-2025-11427
WP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side - CVE-2023-6701
Advanced Custom Fields <= 6.2.4 - Authenticated (Contributor
Same weakness: CWE-862
- CVE-2026-2031
Google Cloud Application Integration: Exposed internal APIs - CVE-2026-7563
Classified Listing <= 5.3.10 - Missing Authorization to Auth - CVE-2026-4683
Smartcat Translator for WPML <= 3.1.77 - Missing Authorizati - CVE-2026-4094
FOX – Currency Switcher Professional for WooCommerce <= 1.4. - CVE-2026-6472
PostgreSQL CREATE TYPE does not check multirange schema CREA
V. Comments for CVE-2026-4031
No comments yet