Vulnerability Description
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Database-Backups Project | Database-Backups | <= 1.2.2.6 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/163091/WordPress-Database-Backups-1.2.2.6-CExploitThird Party AdvisoryVDB Entry
- https://wpscan.com/vulnerability/350c3e9a-bcc2-486a-90e6-d1dc13ce1bd5Third Party Advisory
- http://packetstormsecurity.com/files/163091/WordPress-Database-Backups-1.2.2.6-CExploitThird Party AdvisoryVDB Entry
- https://wpscan.com/vulnerability/350c3e9a-bcc2-486a-90e6-d1dc13ce1bd5Third Party Advisory
FAQ
What is CVE-2021-24174?
CVE-2021-24174 is a vulnerability with a CVSS score of 8.1 (HIGH). The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plug...
How severe is CVE-2021-24174?
CVE-2021-24174 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24174?
Check the references section above for vendor advisories and patch information. Affected products include: Database-Backups Project Database-Backups.