BlogVault Backup & Staging Security & Risk Analysis

wordpress.org/plugins/blogvault-real-time-backup

Secure incremental backups with staging, migration, and one-click restore for WordPress. Offsite storage and easy recovery.

80K active installs · v6.36 · PHP 7.0+ · WP 4.0+ · Updated Jan 29, 2026
Tags: backup, clone, cloud-backup, migration, staging
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 6, 2017
Safety Verdict

Is BlogVault Backup & Staging Safe to Use in 2026?

Generally Safe

Score 99/100

BlogVault Backup & Staging has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 6, 2017 · Updated 2mo ago
Risk Assessment

The blogvault-real-time-backup plugin v6.36 exhibits a mixed security posture. It demonstrates good practices in output escaping (98%) and uses prepared statements for a majority of its SQL queries (71%), but its attack surface raises significant concerns. The plugin registers two AJAX handlers, and neither is protected by authentication checks, which creates a direct entry point for potentially malicious actions without proper authorization. The presence of dangerous functions such as 'exec' and 'popen' in the code also raises a red flag: these can be leveraged for command injection if they are not handled with extreme care and robust input validation, although the static analysis identified no specific taint flows.

The plugin's vulnerability history shows a single high-severity CVE related to deserialization of untrusted data, last patched in 2017. Although there are currently no unpatched vulnerabilities, the historical deserialization issue highlights a past weakness that, combined with the unauthenticated AJAX endpoints, could represent a latent risk if similar input vectors are not properly secured. The absence of taint analysis findings is positive, suggesting that known critical vulnerabilities are addressed. However, the two unprotected AJAX endpoints are the most pressing and significant security concern and require immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • Presence of dangerous functions (exec, popen)
  • Historical high-severity CVE (deserialization)
Vulnerabilities
1

BlogVault Backup & Staging Security Vulnerabilities

CVEs by Year

1 CVE in 2017

Severity Breakdown

High: 1

1 total CVE

WF-01139cbd-1116-4cf8-bdcb-cb182588d093-blogvault-real-time-backup · high · 8.3 · Deserialization of Untrusted Data

BlogVault WordPress Backup Plugin 1.40 - 1.44 - Unauthenticated PHP Object Injection

Apr 6, 2017 · Patched in 1.45 (2483d)
Code Analysis
Analyzed Mar 16, 2026

BlogVault Backup & Staging Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 5 (12 prepared)
Unescaped Output: 4 (171 escaped)
Nonce Checks: 2
Capability Checks: 7
File Operations: 25
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

exec · $execRes = exec('crontab -l', $output, $retval); · callback\wings\security.php:19
popen · $handle = popen('crontab -l', 'rb'); · callback\wings\security.php:27

SQL Query Safety

71% prepared · 17 total queries

Output Escaping

98% escaped · 175 total outputs
Attack Surface
2 unprotected

BlogVault Backup & Staging Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_bvadm · blogvault.php:160
nopriv · wp_ajax_bvadm · blogvault.php:161
WordPress Hooks 225
action · wp_footer · blogvault.php:65
action · bv_clear_bv_services_config · blogvault.php:66
action · admin_init · blogvault.php:76
filter · all_plugins · blogvault.php:77
filter · plugin_row_meta · blogvault.php:78
filter · debug_information · blogvault.php:79
action · network_admin_menu · blogvault.php:81
action · admin_menu · blogvault.php:83
filter · plugin_action_links · blogvault.php:85
action · admin_head · blogvault.php:86
action · admin_notices · blogvault.php:90
action · admin_enqueue_scripts · blogvault.php:91
action · bv_remove_bv_preload_include · blogvault.php:102
action · wp_loaded · blogvault.php:158
action · bv_clear_pt_config · blogvault.php:178
filter · auto_update_core · blogvault.php:198
filter · auto_update_theme · blogvault.php:201
filter · themes_auto_update_enabled · blogvault.php:202
filter · auto_update_plugin · blogvault.php:205
filter · plugins_auto_update_enabled · blogvault.php:206
filter · auto_update_translation · blogvault.php:209
filter · site_transient_update_plugins · blogvault.php:215
action · bv_clear_wp_2fa_config · blogvault.php:231
filter · upgrader_clear_destination · callback\wings\manage.php:345
filter · upgrader_source_selection · callback\wings\manage.php:395
filter · upgrader_pre_install · callback\wings\manage.php:507
filter · upgrader_post_install · callback\wings\manage.php:508
filter · upgrader_clear_destination · callback\wings\manage.php:509
filter · upgrader_source_selection · callback\wings\manage.php:557
filter · upgrader_source_selection · callback\wings\manage.php:710
filter · upgrader_post_install · callback\wings\manage.php:712
action · init · form_testing\form_testing.php:67
filter · akismet_get_api_key · form_testing\form_testing.php:74
filter · wpcf7_skip_spam_check · form_testing\handlers\contact_form7.php:26
action · wpcf7_before_send_mail · form_testing\handlers\contact_form7.php:30
filter · frm_is_field_hidden · form_testing\handlers\formidable_form.php:26
filter · frm_send_email · form_testing\handlers\formidable_form.php:30
filter · gform_pre_send_email · form_testing\handlers\gravity_form.php:41
filter · ninja_forms_pre_validate_field_settings · form_testing\handlers\ninja_form.php:26
filter · ninja_forms_run_action_type_recaptcha · form_testing\handlers\ninja_form.php:33
filter · ninja_forms_action_email_send · form_testing\handlers\ninja_form.php:37
filter · wpforms_process_bypass_captcha · form_testing\handlers\wp_form.php:26
filter · wpforms_entry_email · form_testing\handlers\wp_form.php:30
action · bv_clear_php_error_config · php_error_monitoring\monitoring.php:33
action · init · protect\fw.php:934
action · init · protect\fw.php:940
filter · authenticate · protect\lp.php:98
action · wp_login · protect\lp.php:99
action · wp_login_failed · protect\lp.php:100
action · wp_enqueue_scripts · wp_2fa\wp_2fa.php:45
filter · authenticate · wp_2fa\wp_2fa.php:46
action · login_form · wp_2fa\wp_2fa.php:47
action · pre_post_update · wp_actlog.php:478
action · save_post · wp_actlog.php:479
action · post_stuck · wp_actlog.php:480
action · post_unstuck · wp_actlog.php:481
action · delete_post · wp_actlog.php:482
action · comment_post · wp_actlog.php:485
action · edit_comment · wp_actlog.php:486
action · transition_comment_status · wp_actlog.php:487
action · create_term · wp_actlog.php:490
action · pre_delete_term · wp_actlog.php:491
action · delete_term · wp_actlog.php:492
filter · wp_update_term_data · wp_actlog.php:493
action · user_register · wp_actlog.php:496
action · wpmu_new_user · wp_actlog.php:497
action · profile_update · wp_actlog.php:498
action · delete_user · wp_actlog.php:499
action · wpmu_delete_user · wp_actlog.php:500
action · activate_plugin · wp_actlog.php:503
action · deactivate_plugin · wp_actlog.php:504
action · switch_theme · wp_actlog.php:505
action · wp_insert_site · wp_actlog.php:508
action · archive_blog · wp_actlog.php:509
action · unarchive_blog · wp_actlog.php:510
action · activate_blog · wp_actlog.php:511
action · deactivate_blog · wp_actlog.php:512
action · wp_delete_site · wp_actlog.php:513
action · wp_login · wp_actlog.php:516
action · wp_logout · wp_actlog.php:517
action · password_reset · wp_actlog.php:518
action · upgrader_process_complete · wp_actlog.php:521
action · _core_updated_successfully · wp_actlog.php:522
action · woocommerce_attribute_added · wp_actlog.php:525
action · woocommerce_attribute_updated · wp_actlog.php:526
action · woocommerce_before_attribute_delete · wp_actlog.php:527
action · woocommerce_attribute_deleted · wp_actlog.php:528
action · woocommerce_tax_rate_added · wp_actlog.php:530
action · woocommerce_tax_rate_deleted · wp_actlog.php:531
action · woocommerce_tax_rate_updated · wp_actlog.php:532
action · woocommerce_grant_product_download_access · wp_actlog.php:534
action · woocommerce_ajax_revoke_access_to_product_download · wp_actlog.php:535
action · woocommerce_shipping_zone_method_added · wp_actlog.php:537
action · woocommerce_shipping_zone_method_status_toggled · wp_actlog.php:538
action · woocommerce_shipping_zone_method_deleted · wp_actlog.php:539
action · bv_clear_dynsync_config · wp_dynsync.php:23
action · delete_comment · wp_dynsync.php:560
action · wp_set_comment_status · wp_dynsync.php:561
action · trashed_comment · wp_dynsync.php:562
action · untrashed_comment · wp_dynsync.php:563
action · wp_insert_comment · wp_dynsync.php:564
action · comment_post · wp_dynsync.php:565
action · edit_comment · wp_dynsync.php:566
action · added_comment_meta · wp_dynsync.php:569
action · updated_comment_meta · wp_dynsync.php:570
action · deleted_comment_meta · wp_dynsync.php:571
action · added_user_meta · wp_dynsync.php:574
action · updated_user_meta · wp_dynsync.php:575
action · deleted_user_meta · wp_dynsync.php:576
action · added_usermeta · wp_dynsync.php:577
action · update_usermeta · wp_dynsync.php:578
action · delete_usermeta · wp_dynsync.php:579
action · user_register · wp_dynsync.php:582
action · password_reset · wp_dynsync.php:583
action · profile_update · wp_dynsync.php:584
action · deleted_user · wp_dynsync.php:585
action · delete_post · wp_dynsync.php:588
action · trash_post · wp_dynsync.php:589
action · untrash_post · wp_dynsync.php:590
action · edit_post · wp_dynsync.php:591
action · save_post · wp_dynsync.php:592
action · wp_insert_post · wp_dynsync.php:593
action · edit_attachment · wp_dynsync.php:594
action · add_attachment · wp_dynsync.php:595
action · delete_attachment · wp_dynsync.php:596
action · private_to_publish · wp_dynsync.php:597
action · wp_restore_post_revision · wp_dynsync.php:598
action · added_post_meta · wp_dynsync.php:602
action · update_post_meta · wp_dynsync.php:603
action · updated_post_meta · wp_dynsync.php:604
action · delete_post_meta · wp_dynsync.php:605
action · deleted_post_meta · wp_dynsync.php:606
action · added_postmeta · wp_dynsync.php:607
action · update_postmeta · wp_dynsync.php:608
action · delete_postmeta · wp_dynsync.php:609
action · edit_link · wp_dynsync.php:612
action · add_link · wp_dynsync.php:613
action · delete_link · wp_dynsync.php:614
action · created_term · wp_dynsync.php:617
action · edited_term · wp_dynsync.php:618
action · edited_terms · wp_dynsync.php:619
action · delete_term · wp_dynsync.php:620
action · edit_term_taxonomy · wp_dynsync.php:621
action · delete_term_taxonomy · wp_dynsync.php:622
action · edit_term_taxonomies · wp_dynsync.php:623
action · add_term_relationship · wp_dynsync.php:624
action · delete_term_relationships · wp_dynsync.php:625
action · set_object_terms · wp_dynsync.php:626
action · switch_theme · wp_dynsync.php:628
action · activate_plugin · wp_dynsync.php:629
action · deactivate_plugin · wp_dynsync.php:630
action · deleted_option · wp_dynsync.php:633
action · updated_option · wp_dynsync.php:634
action · added_option · wp_dynsync.php:635
action · wp_handle_upload · wp_dynsync.php:638
action · wp_update_attachment_metadata · wp_dynsync.php:639
action · wpmu_new_blog · wp_dynsync.php:643
action · delete_site_option · wp_dynsync.php:644
action · add_site_option · wp_dynsync.php:645
action · update_site_option · wp_dynsync.php:646
action · woocommerce_remove_order_items · wp_dynsync.php:649
action · woocommerce_update_order · wp_dynsync.php:650
action · woocommerce_delete_order · wp_dynsync.php:651
action · woocommerce_trash_order · wp_dynsync.php:652
action · woocommerce_resume_order · wp_dynsync.php:653
action · woocommerce_new_order_item · wp_dynsync.php:654
action · woocommerce_update_order_item · wp_dynsync.php:655
action · woocommerce_delete_order_item · wp_dynsync.php:656
action · woocommerce_delete_order_items · wp_dynsync.php:657
action · added_order_item_meta · wp_dynsync.php:658
action · updated_order_item_meta · wp_dynsync.php:659
action · deleted_order_item_meta · wp_dynsync.php:660
action · woocommerce_attribute_added · wp_dynsync.php:662
action · woocommerce_attribute_updated · wp_dynsync.php:663
action · woocommerce_attribute_deleted · wp_dynsync.php:664
action · woocommerce_tax_rate_added · wp_dynsync.php:666
action · woocommerce_tax_rate_deleted · wp_dynsync.php:667
action · woocommerce_tax_rate_updated · wp_dynsync.php:668
action · woocommerce_new_webhook · wp_dynsync.php:670
action · woocommerce_webhook_updated · wp_dynsync.php:671
action · woocommerce_webhook_deleted · wp_dynsync.php:672
action · woocommerce_download_product · wp_dynsync.php:674
action · woocommerce_grant_product_download_access · wp_dynsync.php:675
action · woocommerce_ajax_revoke_access_to_product_download · wp_dynsync.php:676
action · woocommerce_deleted_order_downloadable_permissions · wp_dynsync.php:677
action · woocommerce_new_payment_token · wp_dynsync.php:679
action · woocommerce_payment_token_created · wp_dynsync.php:680
action · woocommerce_payment_token_updated · wp_dynsync.php:681
action · woocommerce_payment_token_deleted · wp_dynsync.php:682
action · added_payment_token_meta · wp_dynsync.php:683
action · updated_payment_token_meta · wp_dynsync.php:684
action · deleted_payment_token_meta · wp_dynsync.php:685
action · woocommerce_shipping_zone_method_added · wp_dynsync.php:687
action · woocommerce_shipping_zone_method_status_toggled · wp_dynsync.php:688
action · woocommerce_shipping_zone_method_deleted · wp_dynsync.php:689
action · woocommerce_delete_shipping_zone · wp_dynsync.php:691
action · woocommerce_delete_shipping_zone_method · wp_dynsync.php:692
action · woocommerce_api_create_product_attribute · wp_dynsync.php:694
action · woocommerce_api_edit_product_attribute · wp_dynsync.php:695
action · woocommerce_note_created · wp_dynsync.php:697
action · woocommerce_note_updated · wp_dynsync.php:698
action · woocommerce_note_deleted · wp_dynsync.php:699
action · woocommerce_analytics_update_order_stats · wp_dynsync.php:701
action · woocommerce_analytics_delete_order_stats · wp_dynsync.php:702
action · woocommerce_analytics_update_product · wp_dynsync.php:704
action · woocommerce_analytics_delete_product · wp_dynsync.php:705
action · woocommerce_analytics_new_customer · wp_dynsync.php:707
action · woocommerce_analytics_update_customer · wp_dynsync.php:708
action · woocommerce_analytics_delete_customer · wp_dynsync.php:709
action · woocommerce_analytics_update_coupon · wp_dynsync.php:711
action · woocommerce_analytics_delete_coupon · wp_dynsync.php:712
action · woocommerce_analytics_update_tax · wp_dynsync.php:714
action · woocommerce_analytics_delete_tax · wp_dynsync.php:715
action · woocommerce_updated_product_stock · wp_dynsync.php:717
action · woocommerce_updated_product_sales · wp_dynsync.php:718
action · woocommerce_updated_product_price · wp_dynsync.php:719
action · wp_trash_post · wp_dynsync.php:721
action · untrashed_post · wp_dynsync.php:722
action · woocommerce_after_single_product_ordering · wp_dynsync.php:724
action · woocommerce_update_product · wp_dynsync.php:725
action · woocommerce_update_product_variation · wp_dynsync.php:726
action · woocommerce_payment_token_set_default · wp_dynsync.php:728
action · woocommerce_grant_product_download_permissions · wp_dynsync.php:729
action · login_head · wp_login_whitelabel.php:24
filter · login_message · wp_login_whitelabel.php:25
Maintenance & Trust

BlogVault Backup & Staging Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 29, 2026
PHP min version: 7.0
Downloads: 4.9M

Community Trust

Rating: 90/100
Number of ratings: 325
Active installs: 80K
Developer Profile

BlogVault Backup & Staging Developer Profile

akshatc

2 plugins · 110K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 1634 days
Detection Fingerprints

How We Detect BlogVault Backup & Staging

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/blogvault-real-time-backup/wp_settings.php
  • /wp-content/plugins/blogvault-real-time-backup/wp_site_info.php
  • /wp-content/plugins/blogvault-real-time-backup/wp_db.php
  • /wp-content/plugins/blogvault-real-time-backup/wp_api.php
  • /wp-content/plugins/blogvault-real-time-backup/wp_actions.php
  • /wp-content/plugins/blogvault-real-time-backup/info.php
  • /wp-content/plugins/blogvault-real-time-backup/account.php
  • /wp-content/plugins/blogvault-real-time-backup/helper.php
  • +13 more
Version Parameters
  • blogvault-real-time-backup/style.css?ver=
  • blogvault-real-time-backup/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • bv-nav-tab
  • bv-site-info-wrap
  • bv-log-table
  • bv-spinner
  • bv-modal-content
HTML Comments
  • Copyright 2017 BlogVault
  • This program is free software; you can redistribute it and/or modify
  • This program is distributed in the hope that it will be useful
  • You should have received a copy of the GNU General Public License
Data Attributes
  • data-bv-modal
  • data-bv-action
  • bv-nonce
  • bv-target
JS Globals
  • bv_site_settings
  • blogvault_ajax_object
  • bv_wp_object
REST Endpoints
  • /wp-json/blogvault/v1/site-info
  • /wp-json/blogvault/v1/backup
  • /wp-json/blogvault/v1/restore
FAQ

Frequently Asked Questions about BlogVault Backup & Staging