Sensitive-Data-Exposure

CVE-2026-4031 is an authorization bypass vulnerability in the Database Backup for WordPress plugin (<= 2.5.2) that allows unauthenticated attackers to intercept database backup files by manipulating the backup directory via the wp_db_temp_dir parameter, leading to sensitive information exposure.

The `LoggingRestClientCustomizer` in Valtimo's `web` module automatically intercepts all outgoing HTTP calls and logs the full request/response body and headers, potentially exposing sensitive information like credentials, personal data, and session tokens via error messages logged at ERROR level (CVE-2026-44516).