3 matches found
CVE-2022-0255
The CVE-2022-0255 entry concerns the WordPress Database Backup plugin (before 2.5.1). The vulnerability is a SQL injection in the admin dashboard caused by improper sanitisation/escaping of the fragment parameter before use in SQL. Affected component: the admin-side handling of the fragment param...
CVE-2022-1577
The CVE-2022-1577 entry affects the WordPress Database Backup plugin for WordPress (pre-2.5.2). The root cause is absence of a CSRF check when updating the scheduled backup settings, enabling a logged-in admin to be coerced into changing settings via CSRF. Reported outcomes include attackers pote...
CVE-2021-24322
The CVE-2021-24322 entry concerns the WordPress Database Backup plugin prior to version 2.4. The vulnerability is a Stored XSS caused by not escaping the backup_recipient POST parameter before echoing it into an HTML attribute, enabling an attacker to inject malicious payloads. Affected product: ...