Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1577 | 1 Deliciousbrains | 1 Database Backup | 2022-06-15 | 5.8 MEDIUM | 5.4 MEDIUM |
The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule | |||||
CVE-2022-0255 | 1 Deliciousbrains | 1 Database Backup | 2022-02-28 | 6.5 MEDIUM | 7.2 HIGH |
The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue | |||||
CVE-2021-24322 | 1 Deliciousbrains | 1 Database Backup | 2021-06-11 | 3.5 LOW | 5.4 MEDIUM |
The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue. |