Vulnerabilities and security researches forwp-db-backup

CVE, Research URL: CVE-2022-1577
Home page URL: Security reports for Database Backup for WordPress
Application: Database Backup for WordPress
Date: Jun 08, 2022
Research Description: The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-0255
Home page URL: Security reports for Database Backup for WordPress
Application: Database Backup for WordPress
Date: Feb 21, 2022
Research Description: The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24322
Home page URL: Security reports for Database Backup for WordPress
Application: Database Backup for WordPress
Date: Jun 01, 2021
Research Description: The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2014-10076
Home page URL: Security reports for Database Backup for WordPress
Application: Database Backup for WordPress
Date: Oct 05, 2018
Research Description: The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2006-4208
Home page URL: Security reports for Database Backup for WordPress
Application: Database Backup for WordPress
Date: Aug 18, 2006
Research Description: Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php.
Affected versions: Min -, max -.
Status: vulnerable

Vulnerabilities and security researches forwp-db-backup wp-db-backup