Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:187E6967-6961-4843-A9D5-866F6EBDB7BC
HistoryMar 13, 2021 - 12:00 a.m.

VM Backups <= 1.0 - CSRF to Database Backup Download

2021-03-1300:00:00
wpscan.com
5
JSON

The plugin does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current theme. The files will be created in the uploads directory by default, with a timestamp in their filenames, without any access restriction, leaving them exposed if an attacker guesses their path or the blog is misconfigured to allow directory listing. However they could also be sent to an arbitrary email address via the CSRF attack as well. As the plugin uses mysql_connect(), PHP < 7 is required on the target to be able to perform the attack, however a blog using the plugin is likely to be configured this way.

PoC

The PoC will be displayed once the issue has been remediated

CPENameOperatorVersion
vm-backupseq*

Related

cvelist 1
patchstack 1
wpexploit 1
prion 1
cve 1
cvelist
cvelist
CVE-2021-24172 VM Backups <= 1.0 - CSRF to Database Backup Download
2021-04-05 18:27:44
patchstack
patchstack
WordPress VM Backups plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability
2021-04-07 00:00:00
wpexploit
wpexploit
VM Backups <= 1.0 - CSRF to Database Backup Download
2021-03-13 00:00:00
prion
prion
Cross site request forgery (csrf)
2021-04-05 19:15:00
cve
cve
CVE-2021-24172
2021-04-05 19:15:00
JSON
Related for WPVDB-ID:187E6967-6961-4843-A9D5-866F6EBDB7BC
cvelist1patchstack1wpexploit1prion1cve1