Keep Backup Daily Security & Risk Analysis

wordpress.org/plugins/keep-backup-daily

Keep Backup Daily backs up your WordPress database and emails it to you daily, weekly, monthly, or even yearly, according to the settings.

300 active installs · v2.1.3 · PHP 7.0+ · WP 3.0+ · Updated Mar 13, 2026
Tags: daily-backup, database-security, free-backup, keep-backup-daily, regular-backup

Score: 95 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Mar 20, 2026

Safety Verdict

Is Keep Backup Daily Safe to Use in 2026?

Generally Safe

Score 95/100

Keep Backup Daily has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Mar 20, 2026 · Updated 22d ago

Risk Assessment

The 'keep-backup-daily' plugin v2.1.3 presents a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and an adequate number of nonce checks, several concerning areas require attention. The presence of 3 AJAX handlers without authentication checks significantly expands the attack surface, potentially allowing unauthorized users to trigger sensitive operations.

The static analysis also highlights the use of the `unserialize` function, which is notoriously dangerous and can lead to remote code execution if used with untrusted input. Although the taint analysis shows no critical or high severity flows, the 6 flows with unsanitized paths are concerning as they could potentially be exploited, especially in conjunction with the unauthenticated AJAX handlers.

The plugin's vulnerability history is a significant red flag. With 4 known medium severity CVEs, including Path Traversal, Exposure of Sensitive Information, and Cross-site Scripting, it indicates a pattern of exploitable weaknesses. The fact that these vulnerabilities existed, even if they are now patched, suggests a recurring need for more robust security development practices. While the absence of currently unpatched vulnerabilities is positive, the historical pattern combined with the identified code weaknesses warrants a cautious approach to its deployment.

Key Concerns

  • Unauthenticated AJAX handlers
  • Dangerous function: unserialize usage
  • Flows with unsanitized paths
  • Known medium severity CVEs in history
  • Improper output escaping (29% unescaped)
Vulnerabilities
6

Keep Backup Daily Security Vulnerabilities

CVEs by Year

2022: 2 CVEs
2024: 1 CVE
2025: 1 CVE
2026: 2 CVEs

Severity Breakdown

Medium: 5
Low: 1

6 total CVEs

CVE-2026-3339 · low · 2.7 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Keep Backup Daily <= 2.1.1 - Authenticated (Admin+) Limited Path Traversal via 'kbd_path' Parameter
Mar 20, 2026 · Patched in 2.1.3 (1d)

CVE-2026-3577 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Keep Backup Daily <= 2.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title
Mar 20, 2026 · Patched in 2.1.3 (1d)

CVE-2025-26779 · medium · 4.9 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Keep Backup Daily <= 2.1.0 - Authenticated (Admin+) Arbitrary File Download
Feb 14, 2025 · Patched in 2.1.1 (5d)

CVE-2024-48024 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor
Keep Backup Daily <= 2.0.8 - Unauthenticated Information Disclosure
Oct 9, 2024 · Patched in 2.0.9 (16d)

WF-741ad2f5-d5cf-44bc-ac4a-7894df77a3d1-keep-backup-daily · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Keep Backup Daily <= 2.0.3 - Reflected Cross-Site Scripting
Jul 7, 2022 · Patched in 2.0.4 (565d)

CVE-2022-1820 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Keep Backup Daily <= 2.0.2 - Reflected Cross-Site Scripting
May 23, 2022 · Patched in 2.0.3 (610d)

Code Analysis
Analyzed Mar 16, 2026

Keep Backup Daily Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 12 (50 prepared)
Unescaped Output: 40 (100 escaped)
Nonce Checks: 21
Capability Checks: 5
File Operations: 52
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$response = unserialize( trim( $response ) );` · inc\find_replace\class\Common\Http\RemotePost.php:298
unserialize · `$unserialized_string = @unserialize( $serialized_string );` · inc\find_replace\class\Common\Util\Util.php:171
unserialize · `if(is_array(unserialize($data)))` · inc\functions.php:327
unserialize · `$data = unserialize($data);` · inc\functions.php:332
unserialize · `$unserialized = @unserialize($data);` · inc\functions.php:687

SQL Query Safety

81% prepared · 62 total queries

Output Escaping

71% escaped · 140 total outputs

Data Flows
6 unsanitized

Data Flow Analysis

9 flows · 6 with unsanitized paths
kbd_open_upload_dir (inc\functions.php:821)
Attack Surface
3 unprotected

Keep Backup Daily Attack Surface

Entry Points: 20
Unprotected: 3

AJAX Handlers 20

auth · wp_ajax_kbfnr_plugin_compatibility · inc\find_replace\class\Common\Compatibility\CompatibilityManager.php:103
auth · wp_ajax_kbfnr_initiate_migration · inc\find_replace\class\Common\Migration\MigrationManager.php:139
auth · wp_ajax_kbfnr_migrate_table · inc\find_replace\class\Common\Migration\MigrationManager.php:140
auth · wp_ajax_kbfnr_cancel_migration · inc\find_replace\class\Common\Migration\MigrationManager.php:141
auth · wp_ajax_kbfnr_finalize_migration · inc\find_replace\class\Common\Migration\MigrationManager.php:142
auth · wp_ajax_kbfnr_flush · inc\find_replace\class\Common\Migration\MigrationManager.php:143
nopriv · wp_ajax_kbfnr_flush · inc\find_replace\class\Common\Migration\MigrationManager.php:144
auth · wp_ajax_kbfnr_process_notice_link · inc\find_replace\class\Common\Plugin\PluginManagerBase.php:104
auth · wp_ajax_kbfnr_process_notice_link · inc\find_replace\class\Common\Plugin\PluginManagerBase.php:105
auth · wp_ajax_kbfnr_delete_migration_profile · inc\find_replace\class\Common\Profile\ProfileManager.php:111
auth · wp_ajax_kbfnr_save_profile · inc\find_replace\class\Common\Profile\ProfileManager.php:112
auth · wp_ajax_kbfnr_save_setting · inc\find_replace\class\Common\Settings\SettingsManager.php:48
auth · wp_ajax_kbfnr_clear_log · inc\find_replace\class\Common\Settings\SettingsManager.php:49
auth · wp_ajax_kbfnr_get_log · inc\find_replace\class\Common\Settings\SettingsManager.php:50
auth · wp_ajax_kbfnr_whitelist_plugins · inc\find_replace\class\Common\Settings\SettingsManager.php:51
auth · wp_ajax_kbfnr_update_max_request_size · inc\find_replace\class\Common\Settings\SettingsManager.php:52
auth · wp_ajax_kbfnr_update_delay_between_requests · inc\find_replace\class\Common\Settings\SettingsManager.php:53
auth · wp_ajax_update_kbd_bkup_alias · inc\functions.php:578
auth · wp_ajax_kbd_open_upload_dir · inc\functions.php:818
auth · wp_ajax_kbd_process_fresh_backup · inc\functions.php:969

WordPress Hooks 25

filter · kbfnr_backup_header_included_tables · inc\find_replace\class\Common\BackupExport.php:70
action · kbfnr_notices · inc\find_replace\class\Common\Compatibility\CompatibilityManager.php:105
action · kb_migrate_db_remove_compatibility_plugin · inc\find_replace\class\Common\Compatibility\CompatibilityManager.php:107
action · admin_init · inc\find_replace\class\Common\Filesystem\Filesystem.php:64
filter · kbfnr_after_response · inc\find_replace\class\Common\Http\RemotePost.php:113
filter · kbfnr_create_table_query · inc\find_replace\class\Common\Migration\MigrationManager.php:254
filter · kbfnr_create_table_query · inc\find_replace\class\Common\Migration\MigrationManager.php:259
action · admin_menu · inc\find_replace\class\Common\Plugin\Menu.php:39
action · admin_head-settings_page_kbd_download · inc\find_replace\class\Common\Plugin\Menu.php:50
action · pre_current_active_plugins · inc\find_replace\class\Common\Plugin\PluginManagerBase.php:101
action · plugins_loaded · inc\find_replace\class\Common\Plugin\PluginManagerBase.php:103
filter · http_request_args · inc\find_replace\class\Common\Plugin\PluginManagerBase.php:108
action · admin_init · inc\find_replace\class\Common\Plugin\PluginManagerBase.php:110
action · admin_enqueue_scripts · inc\find_replace\class\Common\Plugin\PluginManagerBase.php:113
action · kbfnr_after_advanced_options · inc\find_replace\class\Free\UI\Template.php:35
action · init · inc\find_replace\class\KBDFindReplace.php:47
filter · nocache_headers · inc\find_replace\class\KBDFindReplace.php:49
action · plugins_loaded · inc\find_replace\setup-mdb.php:34
action · admin_footer · inc\functions.php:711
action · init · inc\functions.php:912
filter · wp_mail_content_type · inc\kbd_cron.php:43
action · init · index.php:101
action · admin_menu · index.php:103
action · admin_enqueue_scripts · index.php:105
action · init · index.php:110

Maintenance & Trust

Keep Backup Daily Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 7.0
Downloads: 52K

Community Trust

Rating: 88/100
Number of ratings: 45
Active installs: 300

Developer Profile

Keep Backup Daily Developer Profile

Fahad Mahmood

40 plugins · 33K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 223 days
Detection Fingerprints

How We Detect Keep Backup Daily

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/keep-backup-daily/assets/css/common.css
/wp-content/plugins/keep-backup-daily/assets/js/common.js
/wp-content/plugins/keep-backup-daily/assets/js/kbfnr-admin.js
Version Parameters
keep-backup-daily/assets/css/common.css?ver=
keep-backup-daily/assets/js/common.js?ver=
keep-backup-daily/assets/js/kbfnr-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
kbfnr-notice-wrap
kbfnr-button-wrap
HTML Comments
<!-- Begin KBFNR Compatibility Mode Notice -->
Data Attributes
data-kbfnr-ajax-url
data-kbfnr-ajax-nonce
data-kbfnr-plugin-nonce
JS Globals
kbfnr_admin_params
REST Endpoints
/wp-json/kbfnr/v1/compatibility