Vulnerabilities and security researches forwp-dbmanager wp-dbmanager

Jun 07, 2024

CVE, Research URL: CVE-2014-8336
Home page URL: Security reports for WP-DBManager
Application: WP-DBManager
Date: Jan 05, 2018
Research Description: The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement.
Affected versions: max 2.7.2.
Status: vulnerable

CVE, Research URL: CVE-2014-8334
Home page URL: Security reports for WP-DBManager
Application: WP-DBManager
Date: Oct 31, 2014
Research Description: The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable.
Affected versions: max 2.72.
Status: vulnerable

CVE, Research URL: CVE-2022-2354
Home page URL: Security reports for WP-DBManager
Application: WP-DBManager
Date: Aug 15, 2022
Research Description: The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should.
Affected versions: max 2.80.8.
Status: vulnerable

CVE, Research URL: CVE-2014-8335
Home page URL: Security reports for WP-DBManager
Application: WP-DBManager
Date: Jan 05, 2018
Research Description: (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
Affected versions: max 2.72.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 2817b75f-d75e-4166-83dc-29ffb5deecf7
Home page URL: Security reports for WP-DBManager
Application: WP-DBManager
Date: -
Research Description: WP-DBManager [wp-dbmanager] < 2.79.2 Download WP-DBManager <= 2.79.1 - Arbitrary File Delete The WP-DBManager WordPress plugin was affected by an Arbitrary File Delete security vulnerability.
Affected versions: max 2.79.2.
Status: vulnerable

CVE, Research URL: 44b95778d7a39eea2c36ce9d9c2a2f7ca7cda057
Home page URL: Security reports for WP-DBManager
Application: WP-DBManager
Date: Nov 27, 2018
Research Description: WP-DBManager [wp-dbmanager] < 2.79.2 WordPress WP-DBManager plugin <= 2.79.1 - Arbitrary File Deletion vulnerability Arbitrary File Deletion vulnerability found by RIPS in WordPress WP-DBManager plugin (versions <= 2.79.1).
Affected versions: max 2.79.2.
Status: vulnerable

CVE, Research URL: c4f629e11b2b4b566dd4cd877a7235b5f19b5953
Home page URL: Security reports for WP-DBManager
Application: WP-DBManager
Date: Oct 22, 2018
Research Description: WP-DBManager [wp-dbmanager] < 2.79.2 WP-DBManager <= 2.79.1 - Directory Traversal Allowing Arbitrary File Deletion The WP-DBManager plugin for WordPress is vulnerable to Directory Traversal allowing arbitrary file deletion in versions up to, and including, 2.79.1. This allows authenticated high-privilege attackers to delete arbitrary files, which can be used to reset a site and gain administrative access.
Affected versions: max 2.79.2.
Status: vulnerable