CVE-2021-24174

April 9, 2021

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin’s settings and delete backups.

Summary:

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin’s settings and delete backups.

Reference Links(if available):

  • https://wpscan.com/vulnerability/350c3e9a-bcc2-486a-90e6-d1dc13ce1bd5

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    play news ransomware

    Play Ransomware Victim: Alltruck Bodies

    April 19, 2024
    play news ransomware

    Play Ransomware Victim: Engineered Automation of Maine

    April 19, 2024
    play news ransomware

    Play Ransomware Victim: SIS Automatisering

    April 19, 2024
    play news ransomware

    Play Ransomware Victim: Pennsylvania Convention Center

    April 19, 2024
    play news ransomware

    Play Ransomware Victim: P??????? & ????

    April 19, 2024