cleantalk
Vulnerabilities and Security Researches

Database Backup for WordPress, CVE-2022-1577

CVE, Research URL

CVE-2022-1577

Home page URL

Security reports for Database Backup for WordPress

Application

Database Backup for WordPress

Published on
Jun 08, 2022
Research Description
The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule
Affected versions
Min -, max 2.5.2.
Status
vulnerable
Previous vulnerability researches
DB Backup (CVE-2014-9119) , Jun 07, 2024
DB Backup (CVE-2025-50031) , Jul 19, 2025
Database Backup for WordPress (CVE-2022-1577) , Jun 07, 2024
Database Backup for WordPress (CVE-2022-0255) , Jun 07, 2024
Database Backup for WordPress (CVE-2021-24322) , Jun 07, 2024
New vulnerability
Temporarily Hidden Content (CVE-2025-7658) , Jul 21, 2025
Testimonial Post type (CVE-2025-5800) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7369) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7354) , Jul 21, 2025
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7697) , Jul 21, 2025