3 matches found
CVE-2022-1577
The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails t...
CVE-2022-1577 Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF
The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails t...
CVE-2022-1577
The CVE-2022-1577 entry affects the WordPress Database Backup plugin for WordPress (pre-2.5.2). The root cause is absence of a CSRF check when updating the scheduled backup settings, enabling a logged-in admin to be coerced into changing settings via CSRF. Reported outcomes include attackers pote...