8 matches found
CVE-2020-7241
The CVE concerns the WordPress WP Database Backup plugin (affected through 5.5, with related OpenVAS entry for
CVE-2022-2271
CVE-2022-2271 concerns the WP Database Backup WordPress plugin datamodel. The provided documents confirm that versions prior to 5.9 fail to escape certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) when the unfiltered_html capability is disa...
CVE-2016-10873
CVE-2016-10873 affects the WordPress wp-database-backup plugin prior to version 4.3.3, where an XSS vulnerability exists in the plugin’s handling of data. The Red Hat entry and CNVD/CVE records confirm a cross-site scripting flaw that can allow client-side code execution within affected pages. Th...
CVE-2016-10875
The wp-database-backup WordPress plugin is affected (versions prior to 4.3.1) by a cross-site scripting (XSS) flaw. Several connected sources confirm the issue and relate it to inadequate input validation (and some references note CSRF in related advisories). The root cause is exposure via the pl...
CVE-2019-14949
The CVE-2019-14949 entry concerns the WordPress WP Database Backup plugin (before version 5.1.2) and is due to a Cross-Site Scripting (XSS) vulnerability in that plugin. Multiple connected sources confirm the affected software and the vulnerability class (XSS) with remediation guidance: upgrade t...
CVE-2016-10874
Summary (CVE-2016-10874) : The WP-Database-Backup WordPress plugin is affected by a CSRF vulnerability in versions prior to 4.3.3. Multiple sources (Red Hat, CNVD, CVE lists, WPVulnDB, and PT Security) confirm the issue and indicate the vulnerability resides in the plugin’s handling of requests t...
CVE-2016-10876
The CVE-2016-10876 entry concerns the WordPress wp-database-backup plugin, affected before version 4.3.1. The vulnerability is a CSRF flaw in the plugin, allowing unauthorized actions to be triggered by an attacker on behalf of an authenticated user. Root cause: insufficient verification of reque...
CVE-2019-25224
CVE-2019-25224 concerns the WP Database Backup WordPress plugin. Versions prior to 5.2 are vulnerable to OS Command Injection via the mysqldump function, allowing unauthenticated attackers to execute arbitrary commands on the host OS. This yields a high-severity (CVSS 3.1: 9.8) total impact inclu...