CVE-2026-4030 - Database Backup for WordPress - Broken Access Control

Overview

Database Backup for WordPress plugin <= 2.5.2 contains an unauthorized arbitrary file read and deletion vulnerability caused by improper authorization check enforcement and user-controlled backup directory parameter, letting unauthenticated attackers read and delete arbitrary files, exploit requires WordPress Multisite with deprecated is_site_admin() function.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can read and delete arbitrary files, leading to sensitive information exposure and potential site takeover.

Mitigation

Update to the latest version beyond 2.5.2.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

May 14, 2026

🟠 CVE-2026-4030 - High (8.1) The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorizati... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4030/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

May 14, 2026

🟠 CVE-2026-4030 - High (8.1) The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorizati... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4030/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

CVE-2026-4030 - Vulnerability Analysis

Overview

Severity & Score

Impact

Mitigation

References

Social Media Activity(2 posts)

Related Resources

Details

CWE

CVSS Metrics

EPSS Score