4 matches found
CVE-2021-24174
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...
WordPress Database Backups 1.2.2.6 Cross Site Request Forgery
Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Date: 2/10/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and...
WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF
Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Date: 2/10/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and...
CVE-2021-24174
The CVE-2021-24174 affects the WordPress Database Backups plugin up to version 1.2.2.6. It lacks CSRF checks, enabling an authenticated attacker to induce a logged-in user to perform actions such as generating database backups, changing plugin settings, or deleting backups. The root cause is CSRF...