CVE-2026-4029

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

CVE-2026-4030

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

CVE-2026-4029 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

CVE-2026-4030

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

CVE-2026-4030

The vulnerability CVE-2026-4030 affects the Database Backup for WordPress plugin for WordPress (all versions up to 2.5.2). The root cause is the plugin not properly enforcing the return value of its authorization check when combined with a user-controlled backup directory parameter, enabling unau...

CVE-2026-4029

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

EUVD-2016-1870

Malware in sbrugna...

CVE-2021-24322

The Database Backup for WordPress plugin before 2.4 did not escape the backuprecipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue...

CVE-2016-10876

The wp-database-backup plugin before 4.3.1 for WordPress has CSRF...

WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Nabil Irawan in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions = 5.25.08...

WordPress plugin WP Database Backup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

CVE-2022-0255

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue...

Wordpress Plugin Database Backup SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. wordpress Database Backup Plugin has a SQL injecti...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

WordPress wp-database-backup plugin cross-site scripting vulnerability (CNVD-2019-27695)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-database-backup plugin is a database backup and restore plugin used in it. A cross-site scripting vulnerability exists i...

CVE-2016-10876

The wp-database-backup plugin before 4.3.1 for WordPress has CSRF...

CVE-2016-10875

The wp-database-backup WordPress plugin is affected (versions prior to 4.3.1) by a cross-site scripting (XSS) flaw. Several connected sources confirm the issue and relate it to inadequate input validation (and some references note CSRF in related advisories). The root cause is exposure via the pl...

PT-2019-7671 · WordPress · Wp-Database-Backup

Name of the Vulnerable Software and Affected Versions: wp-database-backup plugin versions prior to 4.3.1 Description: The issue affects the wp-database-backup plugin for WordPress, allowing for cross-site scripting XSS attacks. Recommendations: For versions prior to 4.3.1, update to version 4.3.1...

Information Leakage and Full path disclosure vulnerabilities in WordPress

Hello 3APA3A! I want to warn you about security vulnerabilities in WordPress which I published at 30.07.2010 during my Day of bugs in WordPress 2 project. ------------------------------ Advisory: Day of bugs in WordPress 2: Information Leakage and Full path disclosure vulnerabilities in WordPress...

CVE-2007-3494

Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to 1 read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...