Security Advisory

CVE-2025-12394

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-24 06:00:06

Last updated 2025-11-24 10:54:28

Assigner WPScan

State PUBLISHED

Description

The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication.

← Browse all CVEs View on cve.org ↗