cleantalk
Vulnerabilities and Security Researches

Database Backup for WordPress, CVE-2021-24322

CVE, Research URL

CVE-2021-24322

Home page URL

Security reports for Database Backup for WordPress

Application

Database Backup for WordPress

Published on
Jun 01, 2021
Research Description
The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue.
Affected versions
Min -, max 2.4.
Status
vulnerable
Previous vulnerability researches
DB Backup (CVE-2014-9119) , Jun 07, 2024
DB Backup (CVE-2025-50031) , Jul 19, 2025
Database Backup for WordPress (CVE-2022-1577) , Jun 07, 2024
Database Backup for WordPress (CVE-2022-0255) , Jun 07, 2024
Database Backup for WordPress (CVE-2021-24322) , Jun 07, 2024
New vulnerability
Temporarily Hidden Content (CVE-2025-7658) , Jul 21, 2025
Testimonial Post type (CVE-2025-5800) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7369) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7354) , Jul 21, 2025
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7697) , Jul 21, 2025