CVE Catalog

CVE-2026-54839

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

The Trinity Backup plugin for WordPress in versions 2.0.9 and below allows unauthenticated users to access sensitive data. This vulnerability enables information disclosure without requiring authentication.

Risk Assessment

An attacker can access backup files that may contain confidential data such as passwords, API keys, or personal user information, leading to a breach of system confidentiality and integrity.

Recommendation

Immediately update the Trinity Backup plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin.

Original NVD description (English source)

Unauthenticated Sensitive Data Exposure in Trinity Backup &#8211; Backup, Migrate, Restore, Clone &amp; Schedule Backups <= 2.0.9 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS