Backup Bolt Security & Risk Analysis

wordpress.org/plugins/backup-bolt

Super simple one click backup your site and download the backup in compressed zip format. Choose between custom or full WordPress backup.

900 active installs · v1.5.0 · PHP 5.6+ · WP 4.0+ · Updated Oct 5, 2025
Tags: backup, backups, download-backup, restore, zip-backup
76
B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Oct 2, 2025
Safety Verdict

Is Backup Bolt Safe to Use in 2026?

Mostly Safe

Score 76/100

Backup Bolt is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Oct 2, 2025 · Updated 6mo ago
Risk Assessment

The backup-bolt plugin v1.5.0 presents a mixed security profile. On one hand, the static analysis shows strong adherence to secure coding practices, with all AJAX handlers and REST API routes appearing to have authentication checks. The complete absence of dangerous functions, raw SQL queries, and unsanitized path taint flows is commendable. Furthermore, a high percentage of output escaping (80%) and the presence of nonce and capability checks are positive indicators. However, the plugin is not without significant concerns.

The vulnerability history is a major red flag. With three known CVEs, one of which remains unpatched, the plugin has a history of security weaknesses. The types of past vulnerabilities (External Control of File Name or Path, CSRF, Exposure of Sensitive Information) are particularly concerning as they can lead to severe compromise. The fact that a vulnerability was discovered as recently as October 2nd, 2025, and remains unpatched, significantly elevates the risk. While the current static analysis doesn't reveal immediate exploitable flaws in this specific version's code, the historical pattern suggests a recurring struggle with robust security implementation.

In conclusion, while version 1.5.0 of backup-bolt exhibits some good security practices in its code structure, the presence of an unpatched CVE and a history of serious vulnerability types means the overall risk is moderate to high. Users should be aware of the past issues and the ongoing unpatched vulnerability. The strength in code sanitization and authentication is overshadowed by the persistent security flaws indicated by its CVE history.

Key Concerns

  • Unpatched vulnerability exists
  • Medium severity vulnerabilities in history
  • Low severity vulnerabilities in history
  • Bundled outdated library (Freemius v1.0)
  • Output escaping below ideal threshold (80%)
Vulnerabilities
3

Backup Bolt Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 2 CVEs · unpatched

Severity Breakdown

Medium: 2
Low: 1

3 total CVEs

CVE-2025-10306 · low · 3.8 · External Control of File Name or Path

Backup Bolt <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download

Oct 2, 2025 · Patched in 1.5.0 (9d)

CVE-2025-49040 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Backup Bolt <= 1.4.1 - Cross-Site Request Forgery

Aug 19, 2025 · Unpatched

CVE-2023-7236 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Backup Bolt <= 1.3.0 - Sensitive Information Exposure

Feb 20, 2024 · Patched in 1.4.0 (20d)
Code Analysis
Analyzed Mar 16, 2026

Backup Bolt Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (37 escaped)
Nonce Checks: 6
Capability Checks: 8
File Operations: 18
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

80% escaped · 46 total outputs

Data Flows: All sanitized

Data Flow Analysis

3 flows
process_backup_batch (admin\ajax_handlers.php:99)
Attack Surface

Backup Bolt Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 7

auth · wp_ajax_babo_calculate_backup · admin\ajax_handlers.php:18
auth · wp_ajax_babo_initiate_backup · admin\ajax_handlers.php:19
auth · wp_ajax_babo_refresh_log · admin\ajax_handlers.php:20
auth · wp_ajax_babo_stop_backup · admin\ajax_handlers.php:21
auth · wp_ajax_babo_backup_success · admin\ajax_handlers.php:22
auth · wp_ajax_babo_process_backup · admin\ajax_handlers.php:24
auth · wp_ajax_babo_review_notice · admin\ajax_handlers.php:26

WordPress Hooks 8

action · babo_clear_backups · admin\admin.php:22
action · admin_notices · admin\admin.php:26
action · babo_show_reviewrequest · admin\ajax_handlers.php:27
action · plugins_loaded · admin\enqueues.php:15
action · admin_enqueue_scripts · admin\enqueues.php:18
action · admin_enqueue_scripts · admin\enqueues.php:19
action · admin_menu · admin\pages.php:14
action · admin_init · admin\pages.php:15

Scheduled Events 2

babo_show_reviewrequest
babo_clear_backups
Maintenance & Trust

Backup Bolt Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 5, 2025
PHP min version: 5.6
Downloads: 18K

Community Trust

Rating: 94/100
Number of ratings: 13
Active installs: 900
Developer Profile

Backup Bolt Developer Profile

Backup Bolt

2 plugins · 900 total installs

Trust score: 83
Avg Security Score: 84/100
Avg Patch Time: 15 days
Detection Fingerprints

How We Detect Backup Bolt

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/backup-bolt/css/main.min.css
/wp-content/plugins/backup-bolt/css/sweetalert2.min.css
/wp-content/plugins/backup-bolt/js/main.js
/wp-content/plugins/backup-bolt/js/popper.min.js
/wp-content/plugins/backup-bolt/js/sweetalert2.all.min.js
/wp-content/plugins/backup-bolt/js/tippy-bundle.iife.min.js
Script Paths
/wp-content/plugins/backup-bolt/js/sweetalert2.all.min.js
/wp-content/plugins/backup-bolt/js/popper.min.js
/wp-content/plugins/backup-bolt/js/tippy-bundle.iife.min.js
/wp-content/plugins/backup-bolt/js/main.js
Version Parameters
backup-bolt/css/main.min.css?ver=
backup-bolt/css/sweetalert2.min.css?ver=
backup-bolt/js/sweetalert2.all.min.js?ver=
backup-bolt/js/popper.min.js?ver=
backup-bolt/js/tippy-bundle.iife.min.js?ver=
backup-bolt/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
tippy-box
JS Globals
bb_fs
FAQ

Frequently Asked Questions about Backup Bolt