WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Nabil Irawan in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions = 5.25.08...

WordPress plugin EZ SQL Reports Shortcode Widget and DB Backup 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2024-13910

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'databasebackupajaxdelete' function in all versions up to, and including, 2.35. This makes it possible for authenticated...

CVE-2024-13910 Database Backup and check Tables Automated With Scheduler 2024 <= 2.36 - Authenticated (Administrator+) Arbitrary File Deletion

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'databasebackupajaxdelete' function in all versions up to, and including, 2.35. This makes it possible for authenticated...

CVE-2024-13910

CVE-2024-13910 affects the WordPress plugin “Database Backup and check Tables Automated With Scheduler 2024” (Database Backup, plugin versions

CVE-2024-13911

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level acces...

CVE-2024-13911 Database Backup and check Tables Automated With Scheduler 2024 <= 2.35 - Authenticated (Administrator+) Sensitive Information Exposure

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level acces...

CVE-2024-13911 Database Backup and check Tables Automated With Scheduler 2024 <= 2.35 - Authenticated (Administrator+) Sensitive Information Exposure

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level acces...

WordPress plugin Database Backup and check Tables Automated With Scheduler 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Database Backup and check...

WordPress Database Backup plugin <= 2.36 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability

Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by sterva in WordPress Plugin Database Backup versions = 2.36...

WordPress Database Backup plugin <= 2.35 - Authenticated (Administrator+) Sensitive Information Exposure vulnerability

Authenticated Administrator+ Sensitive Information Exposure vulnerability discovered by sterva in WordPress Plugin Database Backup versions = 2.35...

PT-2025-7837 · Db Backup +1 · Db Backup +1

Name of the Vulnerable Software and Affected Versions: EZ SQL Reports Shortcode Widget and DB Backup versions n/a through 5.21.35 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attack...

CVE-2024-13609 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data includi...

CVE-2024-13609 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data includi...

WordPress 1 Click WordPress Migration plugin <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php vulnerability

Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php vulnerability discovered by Joshua Provoste in WordPress Plugin 1 Click WordPress Migration versions = 2.2...

1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php

Description The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive...

CVE-2025-22961

A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control CWE-284. Unauthenticated attackers can directly access sensitive database backup files snapshotusers.db via publicly exposed URLs...

CVE-2022-40202

The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication...

CVE-2024-12330

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it possible for unauthenticated attackers to extract sensiti...

VulnCheck KEV: CVE-2025-23209

Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution...