Wp-dbmanager@* Security Vulnerabilities and Issues — Wp-dbmanager@* CVE List

Lucene search

Wp-dbmanager ProjectWp-dbmanager*

4 matches found

CVE•added 2022/08/15 11:21 a.m.•44 views

CVE-2022-2354

The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should.

7.2CVSS7.1AI score0.00203EPSS

CVE•added 2014/10/31 2:55 p.m.•42 views

CVE-2014-8334

The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable.

6.5CVSS7.4AI score0.04305EPSS

CVE•added 2018/01/05 4:29 p.m.•40 views

CVE-2014-8335

(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

7.8CVSS7.3AI score0.00106EPSS

CVE•added 2018/01/05 4:29 p.m.•31 views

CVE-2014-8336

The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement.

6.5CVSS6.5AI score0.01291EPSS