WP Database Backup – Unlimited Database & Files Backup by Backup for WP, cc1214c74076aeb56cfaa73e4b7446fd38e1e1e6

CVE, Research URL: cc1214c74076aeb56cfaa73e4b7446fd38e1e1e6
Home page URL: Security reports for WP Database Backup – Unlimited Database & Files Backup by Backup for WP
Application: WP Database Backup – Unlimited Database & Files Backup by Backup for WP
Published on: Mar 24, 2019
Research Description: WP Database Backup – Unlimited Database & Files Backup by Backup for WP [wp-database-backup] < 5.1.3 WP Database Backup <= 5.1.2 - Unauthenticated Settings Update to Remote Code Execution The WP Database Backup plugin for WordPress is vulnerable to unauthenticated settings update that can lead to remote code execution via the wpsetting functionality in versions up to, and including, 5.1.2. This makes it possible for unauthenticated attackers to inject malicious code into settings that will execute when a back-up is triggered by an unsuspecting user.
Affected versions: max 5.1.3.
Status: vulnerable

WP Database Backup &#8211; Unlimited Database &amp; Files Backup by Backup for WP, cc1214c74076aeb56cfaa73e4b7446fd38e1e1e6