WordPress Plugin Vulnerabilities

1-Click Backup & Restore Database <= 1.0.3 - Missing Authorization

Description

The 1-Click Backup & Restore Database plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
1-click-backup-restore-database-by-sunbytes
No known fix

References

CVE
CVE-2025-32246
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/19aa5070-2336-4139-a05c-ca6f1a1a0e30

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
chuck
Verified
No
WPVDB ID
a3f01ff8-8fd2-4fa9-8bff-302239b4bd4d

Timeline

Publicly Published
2025-04-04 (about 1 year ago)
Added
2025-04-08 (about 1 year ago)
Last Updated
2025-04-08 (about 1 year ago)

Other

Published
Title
Published
2025-10-28
Title
Яндекс Доставка (Boxberry) <= 2.32 - Missing Authorization
Published
2025-06-19
Title
WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily <= 1.2.4.5 - Missing Authorization
Published
2025-08-26
Title
All Bootstrap Blocks < 1.3.29 - Missing Authorization
Published
2024-12-15
Title
Poll Maker < 5.5.1 - Missing Authorization
Published
2024-12-22
Title
Client Invoicing by Sprout Invoices – Easy Estimates and Invoices < 20.8.2 - Missing Authorization