Vulnerabilities and security researches fordatabase-toolset database-toolset

May 04, 2025

CVE, Research URL: CVE-2025-4222
Home page URL: Security reports for Database Toolset
Application: Database Toolset
Date: May 03, 2025
Research Description: The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data.
Affected versions: max 1.8.4.
Status: vulnerable

Apr 27, 2025

CVE, Research URL: CVE-2025-3065
Home page URL: Security reports for Database Toolset
Application: Database Toolset
Date: Apr 24, 2025
Research Description: The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected versions: max 1.8.4.
Status: vulnerable

Apr 14, 2025

CVE, Research URL: CVE-2025-32633
Home page URL: Security reports for Database Toolset
Application: Database Toolset
Date: Apr 11, 2025
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neoslab Database Toolset allows Path Traversal. This issue affects Database Toolset: from n/a through 1.8.4.
Affected versions: max 1.8.4.
Status: vulnerable