WordPress Database Backup for WordPress plugin <= 2.5.1 - Arbitrary Schedule Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

wp-db-backup

Software

Database Backup for WordPress

Vulnerable Versions

<= 2.5.1

Fixed in version

2.5.2

CVE

CVE-2022-1577

References

CVE-2022-1577
Vulnerability details
Plugin changelog

Credits

Daniel Ruf

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A3: Cross Site Scripting (XSS)

Disclosure Date

2022-05-11

CVSS 3.0 score

5.4

Medium

Are your websites subject to this vulnerability?

Details

Arbitrary Schedule Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Database Backup for WordPress plugin (versions <= 2.5.1).

Solution

Update the WordPress Database Backup for WordPress plugin to the latest available version (at least 2.5.2).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Vulnerability Database

WordPress Database Backup for WordPress plugin <= 2.5.1 - Arbitrary Schedule Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

wp-db-backup

Software

Database Backup for WordPress

Vulnerable Versions

<= 2.5.1

Fixed in version

2.5.2

CVE

CVE-2022-1577

References

CVE-2022-1577
Vulnerability details
Plugin changelog

Credits

Daniel Ruf

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A3: Cross Site Scripting (XSS)

Disclosure Date

2022-05-11

CVSS 3.0 score

5.4

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Arbitrary Schedule Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Database Backup for WordPress plugin (versions <= 2.5.1).

Solution

Update the WordPress Database Backup for WordPress plugin to the latest available version (at least 2.5.2).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Solutions

Patchstack

© 2022 Patchstack

© 2021 Patchstack

Vulnerability Database

WordPress Database Backup for WordPress plugin <= 2.5.1 - Arbitrary Schedule Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

wp-db-backup

Software

Database Backup for WordPress

Vulnerable Versions

<= 2.5.1

Fixed in version

2.5.2

CVE

CVE-2022-1577

References

CVE-2022-1577 Vulnerability details Plugin changelog

Credits

Daniel Ruf

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A3: Cross Site Scripting (XSS)

Disclosure Date

2022-05-11

CVSS 3.0 score

5.4

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Arbitrary Schedule Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Database Backup for WordPress plugin (versions <= 2.5.1).

Solution

Update the WordPress Database Backup for WordPress plugin to the latest available version (at least 2.5.2).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Solutions

Patchstack

© 2022 Patchstack

© 2021 Patchstack

CVE-2022-1577
Vulnerability details
Plugin changelog