WP Database Backup – Unlimited Database & Files Backup by Backup for WP, 704a2eadf17955f7d5fcbffebd9a4bd7c0eb7d2a

CVE, Research URL: 704a2eadf17955f7d5fcbffebd9a4bd7c0eb7d2a
Home page URL: Security reports for WP Database Backup – Unlimited Database & Files Backup by Backup for WP
Application: WP Database Backup – Unlimited Database & Files Backup by Backup for WP
Published on: Oct 21, 2016
Research Description: WP Database Backup – Unlimited Database & Files Backup by Backup for WP [wp-database-backup] < 4.3.6 WP Database Backup <= 4.3.5 - Cross-Site Request Forgery The WP Database Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.5. This is due to missing or incorrect nonce validation on the wp_db_backup_admin_init() function. This makes it possible for unauthenticated attackers to modify backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 4.3.6.
Status: vulnerable

WP Database Backup &#8211; Unlimited Database &amp; Files Backup by Backup for WP, 704a2eadf17955f7d5fcbffebd9a4bd7c0eb7d2a