CVE-2022-1577
MEDIUM
Database Backup for WordPress < 2.5.2 - Cross-Site Request Forgery in Schedule Backup Settings
Title source: llm
Description
The Database Backup for WordPress plugin before 2.5.2 does not have a CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged-in admin change them via a CSRF attack. This could let attackers send backup notification emails, which contain more details, to themselves, or disable the automatic backup schedule.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/39388900-266d-4308-88e7-d40ca6bbe346
Scores
CVSS v3
5.4
EPSS
0.0040
EPSS Percentile
32.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-352
Status
published
Products (1)
deliciousbrains/database_backup
< 2.5.2
Published
Jun 08, 2022
Tracked Since
Feb 18, 2026