CVE-2021-24174

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin’s settings and delete backups.

Summary:

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin’s settings and delete backups.

Reference Links(if available):

  • https://wpscan.com/vulnerability/350c3e9a-bcc2-486a-90e6-d1dc13ce1bd5
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)