DB Backup Security & Risk Analysis

wordpress.org/plugins/db-backup

Back up your database in an easy and fast way.

80 active installs · v6.0 · PHP + · WP 3.0+ · Updated Mar 10, 2018
Tags: backup, database, database-backup, db, db-backup
Score 59/100 · C · Use Caution
CVEs total: 2
Unpatched: 1
Last CVE: Jul 16, 2025
Safety Verdict

Is DB Backup Safe to Use in 2026?

Use With Caution

Score 59/100

DB Backup has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs · 1 unpatched · Last CVE: Jul 16, 2025 · Updated 8yr ago
Risk Assessment

The "db-backup" plugin v6.0 raises significant security concerns, primarily because its small attack surface is largely unprotected. Its one unprotected AJAX handler is a direct entry point for potential attackers. While the plugin avoids dangerous functions and external HTTP requests, and has some file operations and capability checks, these are overshadowed by fundamental security omissions. The lack of nonce checks on the unprotected AJAX handler, coupled with only one capability check across all entry points, strongly suggests that a missing authorization vulnerability is present.

The vulnerability history for this plugin is concerning, with two known CVEs, one of which remains unpatched. The types of historical vulnerabilities, "Missing Authorization" and "Path Traversal," directly align with the red flags observed in the static analysis, particularly the unprotected AJAX handler and potential for insecure file operations. The high-severity unpatched vulnerability indicates a critical, ongoing risk to any site using this plugin.

While the plugin's use of prepared statements for some SQL queries and escaping on some of its output operations are positive indicators, they do not mitigate the severe risks posed by the unprotected AJAX endpoint and the unpatched, high-severity vulnerability from its history. The overall security posture is weak, and urgent attention is required to address the unpatched CVE and the unprotected entry point.

Key Concerns

  • Unprotected AJAX handler
  • Unpatched high severity CVE
  • Missing nonce checks on AJAX
  • Only 1 capability check for entry points
  • 20% of SQL queries use prepared statements (80% do not)
  • 30% of outputs are properly escaped (70% are not)

Vulnerabilities: 2

DB Backup Security Vulnerabilities

CVEs by Year

  • 2014: 1 CVE
  • 2025: 1 CVE · unpatched

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-50031 · medium · 4.3 · Missing Authorization

DB Backup <= 6.0 - Missing Authorization

Jul 16, 2025 · Unpatched

CVE-2014-9119 · high · 7.5 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DB Backup < 5.0 - Directory Traversal

Dec 16, 2014 · Patched in 5.0 (3325d)
Code Analysis
Analyzed Mar 16, 2026

DB Backup Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 · 1 prepared
Unescaped Output: 7 · 3 escaped
Nonce Checks: 0
Capability Checks: 1
File Operations: 4
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

20% prepared · 5 total queries

Output Escaping

30% escaped · 10 total outputs

Attack Surface: 1 unprotected

DB Backup Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_myAjax · db-backup.php:21

WordPress Hooks: 2

  • action · admin_menu · db-backup.php:18
  • action · admin_init · db-backup.php:19

Maintenance & Trust
Maintenance & Trust

DB Backup Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Mar 10, 2018
PHP min version
Downloads: 20K

Community Trust

Rating: 86/100
Number of ratings: 3
Active installs: 80
Developer Profile

DB Backup Developer Profile

syedamirhussain91

1 plugin · 80 total installs

Trust score: 50
Avg Security Score: 59/100
Avg Patch Time: 3325 days
Detection Fingerprints

How We Detect DB Backup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/db-backup/css/style.css
/wp-content/plugins/db-backup/js/js.js
Script Paths
/wp-content/plugins/db-backup/js/js.js
Version Parameters
db-backup/css/style.css?ver=
db-backup/js/js.js?ver=

HTML / DOM Fingerprints

CSS Classes
dbbkp_csv_output_area
HTML Comments
<!-- Table structure for table `
-- Dumping data for table `
Data Attributes
dbbkp_csv_tbl, dbbkp_option, dbbkp_saveAs_option, dbbkp_saveAs_fileName, csv_comp_bkpex_struct +2 more
FAQ

Frequently Asked Questions about DB Backup