Lucene search
WPScanCVELIST:CVE-2022-1577HistoryJun 06, 2022 - 8:51 a.m.
CVE-2022-1577 Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF
2022-06-0608:51:09
CWE-352
WPScan
www.cve.org
5
cve-2022-1577
wordpress
database backup
schedule settings
csrf
attack
admin
notification
emails
EPSS
0.001
Percentile
32.1%
The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule
CNA Affected
[
{
"product": "Database Backup for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.5.2",
"status": "affected",
"version": "2.5.2",
"versionType": "custom"
}
]
}
]Related
patchstack
patchstack
prion
prion
Cross site request forgery (csrf)
2022-06-08 10:15:00
openvas
openvas
WordPress Database Backup for WordPress Plugin < 2.5.2 CSRF Vulnerability
2022-06-09 00:00:00
wpvulndb
wpvulndb
nvd
nvd
CVE-2022-1577
2022-06-08 10:15:09
cve
cve
CVE-2022-1577
2022-06-08 10:15:09
cnvd
cnvd
WordPress Database Backup plugin跨站请求伪造漏洞
2022-06-13 00:00:00
wpexploit
wpexploit