Database Backup for WordPress

2.5.3 – 2026-04-20

• Security: Missing Authorization to Unauthenticated Database Export (CVE-2026-4029), thanks to security researcher Drew Webber (mcdruid)
• Security: Missing Authorization to Unauthenticated Arbitrary File Read and Deletion (CVE-2026-4030), thanks to security researcher Drew Webber (mcdruid)
• Security: Missing Authorization to Unauthenticated Database Backup Interception (CVE-2026-4031), thanks to security researcher Drew Webber (mcdruid)
• Bug fix: Deprecation warnings for dynamic properties with recent versions of PHP are no longer logged to debug.log
• Bug fix: Deprecation warnings for passing null to parameter #3 ($subject) of str_replace are no longer logged to debug.log
• Bug fix: Resolve issue writing files on Windows, thanks @ProjectPatatoe
• Bug fix: The blog name used in email titles is now properly decoded

2.5.2 – 2022-05-09

• Security: “Scheduled Backup” form now has nonce check

2.5.1 – 2022-01-17

• Security: Make sure table exists before attempting backup

2.5 – 2021-12-17

• New: Brand new user interface
• Improvement: Compatibility with WordPress 5.8

2.4

• Compatibility with PHP 8 and WordPress 5.7
• Fix email backup functionality
• Fix for bug where backup file would be gzipped twice
• Fixes for several PHP notices
• Add DBBWP_ prefix to global constants

2.3

• Remove backup directory use

2.2.4

• Remove deprecated functionality
• Do not attempt to delete non-existent files

2.2.3

• Nonce check fix for localized WP users from Sergey Biryukov
• Fix for gzipped files’ incorrect size
• Some styling improvements
• Fix for JS multiple checkbox selection