{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/database-backup/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-4029"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Database Backup for WordPress plugin \u003c= 2.5.2"],"_cs_severities":["high"],"_cs_tags":["cve","wordpress","database backup","unauthenticated access","data exfiltration"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe Database Backup for WordPress plugin, in versions up to and including 2.5.2, is vulnerable to an unauthorized database export flaw. This vulnerability, identified as CVE-2026-4029, stems from the plugin\u0026rsquo;s failure to properly enforce the return value of its authorization check. The vulnerability specifically affects WordPress Multisite environments where the deprecated \u003ccode\u003eis_site_admin()\u003c/code\u003e function is present. Successful exploitation allows unauthenticated attackers to export database tables, potentially leading to sensitive information exposure. Defenders should ensure the plugin is updated to a version beyond 2.5.2 or implement compensating controls to restrict access to database export functionality.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a WordPress Multisite instance using Database Backup for WordPress plugin version 2.5.2 or earlier.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request to the plugin\u0026rsquo;s database export functionality, bypassing the intended authorization checks.\u003c/li\u003e\n\u003cli\u003eThe plugin\u0026rsquo;s authorization check fails to properly validate the user\u0026rsquo;s permissions due to improper enforcement of the return value.\u003c/li\u003e\n\u003cli\u003eThe plugin initiates a database export operation.\u003c/li\u003e\n\u003cli\u003eThe database tables are exported and made accessible to the unauthenticated attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker downloads the exported database, which contains sensitive information.\u003c/li\u003e\n\u003cli\u003eAttacker analyzes the database content to extract sensitive credentials, configuration details, or user data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-4029 allows unauthenticated attackers to export sensitive database tables from vulnerable WordPress Multisite installations. This can lead to the exposure of usernames, passwords, API keys, customer data, and other confidential information stored in the database. The impact is high due to the potential for complete compromise of the affected WordPress site and the sensitive data it manages.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Database Backup for WordPress plugin to the latest version (greater than 2.5.2) to patch CVE-2026-4029.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to database export endpoints associated with the Database Backup for WordPress plugin, using the Sigma rule \u003ccode\u003eDetect Unauthorized WordPress Database Export\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eIn WordPress Multisite environments, investigate any unusual activity related to the \u003ccode\u003eis_site_admin()\u003c/code\u003e function or database backup operations.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T13:19:11Z","date_published":"2026-05-14T13:19:11Z","id":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-db-backup-export/","summary":"The Database Backup for WordPress plugin up to version 2.5.2 is vulnerable to unauthorized database export due to improper authorization enforcement, allowing unauthenticated attackers to export database tables in WordPress Multisite environments.","title":"CVE-2026-4029: Database Backup for WordPress Plugin Unauthorized Database Export","url":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-db-backup-export/"}],"language":"en","title":"CraftedSignal Threat Feed — Database Backup","version":"https://jsonfeed.org/version/1.1"}