CVE-2026-54839
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
The Trinity Backup plugin for WordPress in versions 2.0.9 and below allows unauthenticated users to access sensitive data. This vulnerability enables information disclosure without requiring authentication.
Risk Assessment
An attacker can access backup files that may contain confidential data such as passwords, API keys, or personal user information, leading to a breach of system confidentiality and integrity.
Recommendation
Immediately update the Trinity Backup plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin.
Original NVD description (English source)
Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions.

