CVE-2026-4029 - Vulnerability Details

- Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export

Description

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to export database tables, leading to Sensitive Information Exposure. Note: This vulnerability is only exploitable in WordPress Multisite environments where the deprecated is_site_admin() function exists.

Published: 2026-05-14

Score: 7.5 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The Database Backup for WordPress plugin fails to enforce the return value of its authorization check, allowing unauthenticated users to trigger database exports in WordPress Multisite installations that still use the deprecated is_site_admin() function. The plugin exposes a direct export endpoint, enabling an attacker to obtain all database tables and thus confidential data, credentials, and other sensitive information. This flaw maps to CWE‑862, representing a missing or incorrect authorization policy and results in a straightforward data breach scenario.

Affected Systems

Database Backup for WordPress plugins up to and including version 2.5.2 on WordPress Multisite installations that still support the deprecated is_site_admin() function. The CNA product identified is wpengine:Database Backup for WordPress.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.5, indicating a high impact threat, and the EPSS score is not available, implying uncertainty about exact exploitation probability. The flaw is not listed in the CISA KEV catalog, suggesting no publicly known zero‑day exploitation. Attackers can exploit the issue with a simple web request to the export endpoint, bypassing all authorization checks, which makes the risk moderate to high for sites still running the vulnerable plugin version.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

wpengine

Database Backup for WordPress

unaffected

Version	Status	Constraints
`0`	affected	≤ 2.5.2

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Database Backup for WordPress plugin to the latest release that includes proper authorization checks.
If an upgrade is not feasible, remove or disable the export functionality from the plugin or uninstall the plugin entirely from the multisite network.
Upgrade the WordPress core installation to a version where the deprecated is_site_admin() function has been removed or replace it, and restrict export access to authenticated administrators using server‑level or application‑layer controls.

Generated by OpenCVE AI on May 14, 2026 at 14:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://plugins.trac.wordpress.org/browser/wp-db-backup/tags/2.5.2/wp-db-backup.php#L1623
https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L153
https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L1632
https://plugins.trac.wordpress.org/changeset/3510595/
https://www.wordfence.com/threat-intel/vulnerabilities/id/d4a21d0d-f455-4901-a04b-13c891cf8f75?source=cve

History

Thu, 14 May 2026 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 14 May 2026 13:00:00 +0000

Type	Values Removed	Values Added
Description		The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to export database tables, leading to Sensitive Information Exposure. Note: This vulnerability is only exploitable in WordPress Multisite environments where the deprecated is_site_admin() function exists.
Title		Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export
Weaknesses		CWE-862
References		https://plugins.trac.wordpress.org/browser/wp-db-backup/tags/2.5.2/wp-db-backup.php#L1623 https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L153 https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L1632 https://plugins.trac.wordpress.org/changeset/3510595/ https://www.wordfence.com/threat-intel/vulnerabilities/id/d4a21d0d-f455-4901-a04b-13c891cf8f75?source=cve
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2026-05-14T12:32:04.851Z

Updated: 2026-05-14T15:57:55.982Z

Reserved: 2026-03-12T00:07:50.008Z

Link: CVE-2026-4029

Vulnrichment

Updated: 2026-05-14T15:57:52.237Z

NVD

Status : Deferred

Published: 2026-05-14T13:16:20.630

Modified: 2026-05-14T14:28:41.283

Link: CVE-2026-4029

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T14:45:22Z

Weaknesses

CWE-862

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object