Cyber Resilience

CVE-2023-54346

Severity: High · Public PoC

Published: 05 May 2026
Modified: 05 May 2026
KEV Added: not listed
Patch: (none listed)
CVSS v4.0 score: 8.7 (vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0031 (22.8th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2023-54346 is a high-severity Insertion of Sensitive Information into Externally-Accessible File or Directory (CWE-538) vulnerability in Backupbliss (the vendor is inferred from the references). Its CVSS v4 base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 22.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CP-9 (System Backup).

Deeper analysis

CVE-2023-54346 is an information disclosure vulnerability (CWE-538) affecting the WordPress plugin Backup Migration version 1.2.8, assigned a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability lets unauthenticated attackers download complete database backups through predictable file paths: the plugin exposes its configuration file and complete logs to the web, an attacker can read them to learn where backups are stored, and can then construct direct download URLs for backup archives that contain full database dumps.

Unauthenticated remote attackers can exploit this issue with low complexity, requiring no privileges or user interaction. Successful exploitation grants high confidentiality impact by exposing sensitive data such as full database contents, while integrity and availability remain unaffected.

Advisories from VulnCheck and a proof-of-concept exploit on Exploit-DB document the unauthenticated database backup download capability. Additional references include the plugin's vendor site at backupbliss.com and the affected version download at downloads.wordpress.org/plugin/backup-backup.1.2.8.zip.
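The exposure pattern described above (a client reads a web-accessible config or log file under the backup tree, then successfully fetches a large archive from the same tree) is something a defender can look for in web server access logs. The following is an added example, not code from the page or from the plugin: a small detector over Combined Log Format lines. The backup directory name, file names and log lines are constructed placeholders; the page does not give the plugin's real paths.

```python
import re
from collections import defaultdict

# Combined Log Format as written by Apache/nginx (format assumed; adjust the
# pattern if your server logs differently).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Archive extensions a database backup is typically served as.
ARCHIVE_RE = re.compile(r'\.(zip|sql|sql\.gz|tar\.gz|tgz)$', re.I)
# Config/log file names that could reveal backup locations (hypothetical names).
ENUM_RE = re.compile(r'(^|[/_-])(config|logs?)(\.[a-z]+)?$', re.I)

def parse(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d['status'] = int(d['status'])
    d['size'] = 0 if d['size'] == '-' else int(d['size'])
    d['path'] = d['path'].split('?', 1)[0]   # drop query string
    return d

def detect_backup_exposure(lines, backup_dir='/wp-content/', min_size=1024 * 1024):
    """Return one alert per successful large archive download under backup_dir.
    Severity is 'high' when the same client earlier read a config/log file there."""
    alerts = []
    enumerated = defaultdict(list)          # client ip -> config/log paths it read
    for line in lines:
        r = parse(line)
        if not r or r['method'] != 'GET' or not r['path'].startswith(backup_dir):
            continue
        if r['status'] == 200 and ENUM_RE.search(r['path']):
            enumerated[r['ip']].append(r['path'])
        elif r['status'] == 200 and r['size'] >= min_size and ARCHIVE_RE.search(r['path']):
            alerts.append({'ip': r['ip'], 'archive': r['path'], 'size': r['size'],
                           'preceded_by': list(enumerated[r['ip']]),
                           'severity': 'high' if enumerated[r['ip']] else 'medium'})
    return alerts

# Constructed sample log: one client enumerates then downloads; one is denied (403).
SAMPLE = """\
203.0.113.7 - - [05/May/2026:10:00:01 +0000] "GET /wp-content/example-backup-dir/config.json HTTP/1.1" 200 512
203.0.113.7 - - [05/May/2026:10:00:02 +0000] "GET /wp-content/example-backup-dir/complete_logs.log HTTP/1.1" 200 20480
203.0.113.7 - - [05/May/2026:10:00:05 +0000] "GET /wp-content/example-backup-dir/backups/site-2026-05-04.zip HTTP/1.1" 200 52428800
198.51.100.4 - - [05/May/2026:10:01:00 +0000] "GET /wp-content/uploads/photo.jpg HTTP/1.1" 200 30000
198.51.100.9 - - [05/May/2026:10:02:00 +0000] "GET /wp-content/example-backup-dir/backups/site-2026-05-04.zip HTTP/1.1" 403 0
"""

if __name__ == '__main__':
    for a in detect_backup_exposure(SAMPLE.splitlines()):
        print(a)
```

A 403 on the archive request, as in the last sample line, is what the mitigations below (denying web access to the backup tree) should produce, and the detector deliberately ignores it.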

Vulnerability details

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

A vulnerability in a public-facing WordPress plugin enables unauthenticated remote file access and direct exfiltration of database backup contents via predictable paths.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2020-37104 (shared CWE-538)
- CVE-2025-12059 (shared CWE-538)
- CVE-2026-27173 (shared CWE-538)
- CVE-2016-20024 (shared CWE-538)
- CVE-2026-23838 (shared CWE-538)
- CVE-2019-25706 (shared CWE-538)
- CVE-2026-21672 (shared CWE-538)
- CVE-2026-49298 (shared CWE-538)
- CVE-2025-11079 (shared CWE-538)

Affected Assets

Backupbliss (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assigned)

- Prevent: Requires protection of backup information to prevent storage of database backups in publicly accessible locations with predictable paths.
- Prevent: Enforces approved authorizations for public access, blocking unauthenticated downloads of sensitive backup archives from external interfaces.
- Prevent: Enforces logical access controls on configuration files, logs, and backup directories to prevent enumeration and direct unauthorized access.
