WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2023-54346 is an information disclosure vulnerability in WordPress Plugin Backup Migration version 1.2.8 that allows unauthenticated attackers to download complete database backups through predictable file paths. The vulnerability stems from inadequate access controls and predictable backup file naming conventions, enabling attackers to enumerate backup directories by analyzing configuration files and logs, then construct direct URLs to retrieve sensitive backup archives. This affects any WordPress installation using the vulnerable plugin version, putting at risk organizations that store customer data, credentials, payment information, and other sensitive database contents in their WordPress environments. The impact is severe because database backups often contain unencrypted sensitive data and represent a complete snapshot of application state.
While this CVE doesn't map to specific MITRE ATT&CK techniques, Casky's Claude-powered security skills would detect the attack patterns through reconnaissance and exfiltration detection capabilities. Practitioners using Casky would identify suspicious patterns including: unauthenticated access to backup directories (T1526 - Reconnaissance), enumeration of configuration files and logs for path discovery (T1087 - Account Discovery and similar enumeration techniques), and unauthorized data access attempts targeting predictable resource locations. The extended reasoning capabilities would correlate multiple failed or successful access attempts to backup file paths with timing patterns, file sizes, and HTTP responses that indicate backup exfiltration activity. Security teams would see findings highlighting unusual directory traversal patterns, repeated requests to backup-related URLs, and access logs showing database archive downloads from external IP addresses—all indicators of active exploitation before data compromise occurs.
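The access-log pattern described above (configuration and log files fetched from a backup directory, followed by a successful archive download), as an added detection example that is not Casky's code. The directory pattern, file extensions, size threshold and sample log lines are assumptions constructed for illustration; the real backup directory name is installation-specific and is not given on this page.

```python
import re
from collections import defaultdict

# Assumptions (not from the page): backups sit in a directory directly under
# /wp-content/ whose name contains "backup"; the real name is site-specific.
BACKUP_DIR = re.compile(r"^/wp-content/[^/]*backup[^/]*/", re.I)
ARCHIVE = re.compile(r"\.(zip|sql|gz|tar)$", re.I)
RECON = re.compile(r"\.(json|php|log|txt)$", re.I)  # config files and logs
MIN_ARCHIVE_BYTES = 1_000_000  # assumed floor for a full database dump
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) '
                      r'(?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')

# Constructed sample in common log format (documentation-range addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2023:10:00:01 +0000] "GET /wp-content/example-backup-dir/config.json HTTP/1.1" 200 412
203.0.113.7 - - [10/May/2023:10:00:03 +0000] "GET /wp-content/example-backup-dir/complete.log HTTP/1.1" 200 9120
203.0.113.7 - - [10/May/2023:10:00:09 +0000] "GET /wp-content/example-backup-dir/backups/site-backup.zip HTTP/1.1" 200 48211377
198.51.100.20 - - [10/May/2023:10:02:00 +0000] "GET /wp-content/uploads/2023/05/logo.png HTTP/1.1" 200 20411
198.51.100.20 - - [10/May/2023:10:02:05 +0000] "GET /wp-content/example-backup-dir/backups/site-backup.zip HTTP/1.1" 403 199
"""

def find_backup_downloads(log_text):
    """Return one finding per successful archive download from a backup directory."""
    recon_seen = defaultdict(list)  # client IP -> config/log paths it fetched earlier
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue  # unparsable, non-GET, or denied (e.g. 403) requests
        path = m["path"].split("?", 1)[0]
        if not BACKUP_DIR.match(path):
            continue
        size = int(m["size"]) if m["size"].isdigit() else 0
        if ARCHIVE.search(path) and size >= MIN_ARCHIVE_BYTES:
            findings.append({"ip": m["ip"], "archive": path, "bytes": size,
                             "recon": list(recon_seen[m["ip"]])})
        elif RECON.search(path):
            recon_seen[m["ip"]].append(path)
    return findings

if __name__ == "__main__":
    for f in find_backup_downloads(SAMPLE_LOG):
        kind = "enumerate-then-download" if f["recon"] else "direct-download"
        print(f'{kind}: {f["ip"]} got {f["archive"]} ({f["bytes"]} bytes) after {f["recon"]}')
```

A finding with a non-empty `recon` list is the higher-confidence case; any 200 response for an archive under the backup directory also shows that the web server is serving backups directly and the directory needs to be denied at the server level.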
© 2026 Casky.AI, Inc. · AI Security Investigation