WP-Safety

Backup Database Security & Risk Analysis

wordpress.org/plugins/fny-database-backup

Backup Database Plugin includes backup into Dropbox, Google Drive, Amazon, FTP, etc. You can simply backup and migrate your website wherever you need …

60 active installs v1.6.1 PHP + WP 3.8+ Updated Jul 28, 2018
backupdatabase-backupmigraterestoresite-backup
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Backup Database Safe to Use in 2026?

Generally Safe

Score 85/100

Backup Database has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "fny-database-backup" plugin version 1.6.1 exhibits a significant security concern due to a large attack surface with all 11 AJAX handlers lacking authentication checks. This means any unauthenticated user could potentially interact with these handlers, leading to unintended actions or information disclosure. Furthermore, the plugin uses the `unserialize` function in 9 instances, which, when coupled with unchecked user input, can open the door to Remote Code Execution vulnerabilities. While the plugin demonstrates good practices by using prepared statements for a high percentage of its SQL queries and has no recorded vulnerability history, the absence of proper authorization and the presence of potentially dangerous functions without apparent sanitization are critical weaknesses. The limited output escaping (38%) also raises concerns about potential Cross-Site Scripting (XSS) vulnerabilities.

Key Concerns

  • 11 unprotected AJAX handlers
  • 9 uses of unserialize()
  • 38% proper output escaping
  • 0 capability checks
Vulnerabilities
None known

Backup Database Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Backup Database Code Analysis

Dangerous Functions
9
Raw SQL Queries
5
58 prepared
Unescaped Output
38
23 escaped
Nonce Checks
7
Capability Checks
0
File Operations
87
External Requests
4
Bundled Libraries
1

Dangerous Functions Found

unserialize$data = unserialize($serialized);com\includes\Amazon\Aws\Common\Model\MultipartUpload\AbstractTransferState.php:155
unserialize$this->loadData(unserialize($serialized));com\includes\Amazon\Aws\Common\Model\MultipartUpload\AbstractUploadId.php:68
unserialize$this->loadData(unserialize($serialized));com\includes\Amazon\Aws\Common\Model\MultipartUpload\AbstractUploadPart.php:81
unserializeforeach (unserialize($manifest) as $entry) {com\includes\Amazon\Guzzle\Plugin\Cache\DefaultCacheStorage.php:72
unserializeforeach (unserialize($entries) as $entry) {com\includes\Amazon\Guzzle\Plugin\Cache\DefaultCacheStorage.php:107
unserialize$entries = unserialize($entries);com\includes\Amazon\Guzzle\Plugin\Cache\DefaultCacheStorage.php:132
unserializereturn @unserialize($token);com\includes\Dropbox\Dropbox\OAuth\Storage\Session.php:150
unserializereturn unserialize($ret['data']);com\includes\GoogleDrive\cache\Google_ApcCache.php:79
unserialize$data = unserialize($data);com\includes\GoogleDrive\cache\Google_FileCache.php:100

Bundled Libraries

Guzzle

SQL Query Safety

92% prepared63 total queries

Output Escaping

38% escaped61 total outputs
Attack Surface
11 unprotected

Backup Database Attack Surface

Entry Points11
Unprotected11

AJAX Handlers 11

authwp_ajax_start_backupfny-database-backup.php:65
authwp_ajax_check_backup_creationfny-database-backup.php:66
authwp_ajax_delete_backupfny-database-backup.php:67
authwp_ajax_stop_backupfny-database-backup.php:68
authwp_ajax_check_action_statusfny-database-backup.php:69
authwp_ajax_save_settingsfny-database-backup.php:70
authwp_ajax_save_schedule_settingsfny-database-backup.php:71
authwp_ajax_connect_to_gdrivefny-database-backup.php:72
authwp_ajax_fny_db_store_amazon_settingsfny-database-backup.php:73
authwp_ajax_fny_db_store_ftp_settingsfny-database-backup.php:74
authwp_ajax_save_migrate_settingsfny-database-backup.php:75
WordPress Hooks 5
actioninitfny-database-backup.php:23
actionfny_db_schedule_actionfny-database-backup.php:24
actionadmin_menufny-database-backup.php:41
actionadmin_post_connect_to_gdrivefny-database-backup.php:77
actionadmin_post_fny_download_backupfny-database-backup.php:78

Scheduled Events 1

fny_db_schedule_action
Maintenance & Trust

Backup Database Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedJul 28, 2018
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings9
Active installs60
Alternatives

Backup Database Alternatives

Backuply – Backup, Restore, Migrate and Clone

Backuply – Backup, Restore, Migrate and Clone

backuply

A
90

Backup, restores, and migration with Backuply are fairly simple with a wide range of storage options from Local Backups, FTP to cloud options like AWS …

600K 5 CVEs
BackWPup – WordPress Backup & Restore Plugin

BackWPup – WordPress Backup & Restore Plugin

backwpup

B
83

Create a complete WordPress backup easily. Schedule automatic backups, store securely, and restore effortlessly with the best WordPress backup plugin!

500K 10 CVEs
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid

Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid

boldgrid-backup

A
95

Automated backups, remote backup to Amazon S3 and Google Drive, stop website crashes before they happen and more. Total Upkeep is the backup solution …

60K 6 CVEs
Clone

Clone

wp-clone-by-wp-academy

A
93

100% FREE clone and migration

50K 5 CVEs
InstaWP Connect – 1-click WP Staging & Migration

InstaWP Connect – 1-click WP Staging & Migration

instawp-connect

B
76

Create a staging WordPress site from production (live site). Ideal for testing updates, version change or re-write. Sync back only the changes.

30K 15 CVEs
Developer Profile

Backup Database Developer Profile

fnywebit

2 plugins · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Backup Database

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fny-database-backup/public/js/fnyDatabaseBackup.js/wp-content/plugins/fny-database-backup/public/css/fnyDatabaseBackup.css/wp-content/plugins/fny-database-backup/public/bootstrap/css/bootstrap.min.css/wp-content/plugins/fny-database-backup/public/bootstrap/js/bootstrap.min.js
Script Paths
fny-database-backup/public/js/fnyDatabaseBackup.jsfny-database-backup/public/bootstrap/js/bootstrap.min.js
Version Parameters
fny-database-backup/public/js/fnyDatabaseBackup.js?ver=fny-database-backup/public/css/fnyDatabaseBackup.css?ver=fny-database-backup/public/bootstrap/css/bootstrap.min.css?ver=fny-database-backup/public/bootstrap/js/bootstrap.min.js?ver=

HTML / DOM Fingerprints

JS Globals
fnyDbGetAjaxUrl
REST Endpoints
/wp-json/fny-database-backup/v1/settings/wp-json/fny-database-backup/v1/schedule
FAQ

Frequently Asked Questions about Backup Database