CVE-2022-1577

MEDIUM

Database Backup for WordPress < 2.5.2 - Cross-Site Request Forgery in Schedule Backup Settings

Title source: llm
STIX 2.1

Description

The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/39388900-266d-4308-88e7-d40ca6bbe346

Scores

CVSS v3 5.4
EPSS 0.0040
EPSS Percentile 32.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Details

CWE
CWE-352
Status published
Products (1)
deliciousbrains/database_backup < 2.5.2
Published Jun 08, 2022
Tracked Since Feb 18, 2026