CVE-2025-12394
📋 TL;DR
The Backup Migration WordPress plugin before version 2.0.0 has an information disclosure vulnerability that allows unauthenticated attackers to discover backup filenames. This leads to unauthorized download of backup archives containing potentially sensitive website data. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Backup Migration WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers download complete website backups containing database credentials, user data, configuration files, and sensitive content, leading to full site compromise.
Likely Case
Attackers download backup archives containing sensitive information like database dumps, configuration files, and user data for reconnaissance or further attacks.
If Mitigated
Backup files are protected by proper authentication or moved outside web-accessible directories, preventing unauthorized access.
🎯 Exploit Status
Exploitation requires only HTTP requests to discover and download backup files.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.0
Vendor Advisory: https://wpscan.com/vulnerability/e61293d0-2e1b-4dac-96c5-97fa17e38b16/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Backup Migration plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.0.0+ from the WordPress repository and replace the existing plugin.
🔧 Temporary Workarounds
Move Backup Directory
(Linux) Relocate backup files outside web-accessible directories
mv /var/www/html/wp-content/backup-migration-backups/ /home/backups/
chmod 600 /home/backups/*
Block Access via .htaccess
(All platforms) Prevent access to backup files using web server rules
Add to .htaccess:
<FilesMatch "\.(sql|zip|tar|gz|backup)$">
Order Allow,Deny
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Disable the Backup Migration plugin immediately
- Manually delete all backup files from web-accessible directories
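The two workarounds above (deny rule in .htaccess, or relocate/delete the archives) are only effective if the deny pattern actually covers every file left in the backup directory. The following audit script is an added example, not code from the page or from the Backup Migration plugin: it reads the FilesMatch rule from an .htaccess file, accepts it only if the block really denies (Apache 2.2 `Deny from all` or Apache 2.4 `Require all denied`; the page's `Order Allow,Deny` form needs mod_access_compat on 2.4), and reports which files would still be served. The directory layout, file names and the extended `7z` pattern are constructed for the demonstration; the path `wp-content/backup-migration-backups/` is the one the page names. Note that .htaccess rules require `AllowOverride` to be enabled and are ignored entirely by nginx, so on such deployments only relocation or deletion helps.

```python
"""Audit a web-accessible backup directory: which archives would Apache still serve?"""
import re
import tempfile
from pathlib import Path

# Matches one <FilesMatch "regex"> ... </FilesMatch> block, capturing regex and body.
FILESMATCH_RE = re.compile(r'<FilesMatch\s+"([^"]+)">(.*?)</FilesMatch>', re.S)


def deny_pattern(htaccess_path):
    """Return the compiled FilesMatch regex if its block denies access, else None.

    Both the Apache 2.2 syntax ('Deny from all') and the 2.4 syntax
    ('Require all denied') count; a FilesMatch block that allows does not.
    """
    try:
        text = Path(htaccess_path).read_text()
    except FileNotFoundError:
        return None
    for pattern, body in FILESMATCH_RE.findall(text):
        if "Deny from all" in body or "Require all denied" in body:
            # FilesMatch is an unanchored regex match on the file name.
            return re.compile(pattern)
    return None


def audit_backup_dir(backup_dir):
    """Return {filename: 'blocked' | 'EXPOSED'} for every regular file in backup_dir."""
    backup_dir = Path(backup_dir)
    pattern = deny_pattern(backup_dir / ".htaccess")
    report = {}
    for path in sorted(backup_dir.iterdir()):
        if not path.is_file() or path.name == ".htaccess":
            continue
        covered = pattern is not None and pattern.search(path.name) is not None
        report[path.name] = "blocked" if covered else "EXPOSED"
    return report


def build_sample_dir(htaccess_text):
    """Create a throwaway directory mimicking wp-content/backup-migration-backups/.

    File names are constructed for the example, not real plugin output.
    """
    d = Path(tempfile.mkdtemp())
    for name in ("site-2025-01-01.zip", "db-dump.sql", "site.tar.gz", "site-2025-01-02.7z"):
        (d / name).write_bytes(b"placeholder")
    if htaccess_text is not None:
        (d / ".htaccess").write_text(htaccess_text)
    return d


# The rule as given on the page (Apache 2.2 syntax).
HTACCESS_22 = (
    '<FilesMatch "\\.(sql|zip|tar|gz|backup)$">\n'
    "Order Allow,Deny\n"
    "Deny from all\n"
    "</FilesMatch>\n"
)
# Same idea in Apache 2.4 syntax, with 7z added (a constructed extension for the demo).
HTACCESS_24 = (
    '<FilesMatch "\\.(sql|zip|tar|gz|backup|7z)$">\n'
    "Require all denied\n"
    "</FilesMatch>\n"
)

if __name__ == "__main__":
    for label, text in (("no .htaccess", None),
                        ("page rule (2.2 syntax)", HTACCESS_22),
                        ("extended rule (2.4 syntax)", HTACCESS_24)):
        print(f"{label}: {audit_backup_dir(build_sample_dir(text))}")
```

Running it shows the point of the audit: with no .htaccess every archive is EXPOSED; with the page's rule the `.7z` file is still EXPOSED because the pattern never mentions it, while `site.tar.gz` is covered only because `gz` happens to be in the list. Extend the pattern to whatever extensions actually appear in the directory before trusting the rule.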
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Backup Migration → Version number. If the version is below 2.0.0, the site is vulnerable.
Check Version:
wp plugin list --name=backup-migration --field=version
Verify Fix Applied:
Confirm the plugin version is 2.0.0 or higher in the WordPress admin panel, then try to access the /wp-content/backup-migration-backups/ directory; the request should return 403 or 404.
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 requests to backup file paths
- Unauthenticated access to /wp-content/backup-migration-backups/
- Large file downloads from backup directories
Network Indicators:
- Unusual GET requests for .zip, .sql, or backup files
- Traffic patterns showing sequential backup file enumeration
SIEM Query:
source="web_logs" AND (uri_path="/wp-content/backup-migration-backups/" OR uri_path CONTAINS ".backup" OR uri_path CONTAINS ".sql") AND status=200
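The SIEM query above fires only on status 200, which catches a successful download but not the guessing that usually precedes it. The script below is an added example, not part of the page or of any vendor tooling: it parses combined-format access-log lines (the Apache/nginx default), flags successful GETs of backup paths as the page's log indicator, flags large downloads by response size, and separately reports any client that requested several distinct paths under `/wp-content/backup-migration-backups/` regardless of status, since a run of 404s there is the enumeration pattern the page describes. The log lines, IP addresses, file names and the size threshold are constructed for the demonstration.

```python
"""Flag backup-archive downloads and enumeration in combined-format access logs."""
import re
from collections import defaultdict

# Combined log format: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\d+|-)"
)
BACKUP_DIR = "/wp-content/backup-migration-backups/"  # path named on the page
BACKUP_EXT = re.compile(r"\.(sql|zip|tar|gz|backup)$", re.I)


def parse(line):
    """Parse one access-log line into a dict, or None if it is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_backup_hit(rec):
    """Successful GET of a backup path: the page's 'HTTP 200 to backup file paths' indicator."""
    path = rec["path"].split("?", 1)[0]
    return (rec["method"] == "GET" and rec["status"] == "200"
            and (path.startswith(BACKUP_DIR) or BACKUP_EXT.search(path) is not None))


def analyze(lines, enum_threshold=3):
    """Return (hits, enumerators).

    hits: records matching is_backup_hit, in log order.
    enumerators: {ip: sorted distinct paths} for clients that requested at least
    enum_threshold distinct paths under BACKUP_DIR, counting 403/404 probes too.
    """
    hits = []
    per_ip = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        if is_backup_hit(rec):
            hits.append(rec)
        if rec["path"].startswith(BACKUP_DIR):
            per_ip[rec["ip"]].add(rec["path"])
    enumerators = {ip: sorted(p) for ip, p in per_ip.items() if len(p) >= enum_threshold}
    return hits, enumerators


def large_downloads(hits, min_bytes=10 * 1024 * 1024):
    """Paths among hits whose response body exceeded min_bytes (constructed 10 MiB default)."""
    return [h["path"] for h in hits if h["size"] != "-" and int(h["size"]) > min_bytes]


# Constructed sample log: one client probes the backup directory, gets two 404s, then a 200
# on a 50 MiB archive; a normal visitor browses; a third client fetches a SQL dump.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2025:10:00:01 +0000] "GET /wp-content/backup-migration-backups/ HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.5 - - [10/Nov/2025:10:00:02 +0000] "GET /wp-content/backup-migration-backups/backup-1.zip HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.5 - - [10/Nov/2025:10:00:03 +0000] "GET /wp-content/backup-migration-backups/backup-2.zip HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.5 - - [10/Nov/2025:10:00:04 +0000] "GET /wp-content/backup-migration-backups/site-2025-11-09.zip HTTP/1.1" 200 52428800 "-" "curl/8.0"
198.51.100.7 - - [10/Nov/2025:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2025:10:05:01 +0000] "GET /wp-content/uploads/2025/11/photo.jpg HTTP/1.1" 200 90210 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Nov/2025:10:07:00 +0000] "GET /wp-content/backup-migration-backups/db.sql HTTP/1.1" 200 1048576 "-" "python-requests/2.31"
"""

if __name__ == "__main__":
    hits, enumerators = analyze(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"DOWNLOAD  {h['ip']} {h['path']} ({h['size']} bytes)")
    for path in large_downloads(hits):
        print(f"LARGE     {path}")
    for ip, paths in enumerators.items():
        print(f"ENUMERATE {ip} requested {len(paths)} distinct backup paths")
```

On the sample, the 200-only logic reports two downloads (the archive and the SQL dump) and one large transfer, while the enumeration check names 203.0.113.5 from its three 403/404 probes before the successful fetch; that earlier signal is what the page's `status=200` query alone would miss. Point the script at a real log by replacing `SAMPLE_LOG.splitlines()` with the file's lines, and tune `enum_threshold` to the site's normal traffic.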